9.8
CVE-2024-9265
- EPSS 0.35%
- Published 01.10.2024 09:15:08
- Last modified 07.10.2024 18:48:15
- Source security@wordfence.com
Echo RSS Feed Post Generator <= 5.4.6 - Unauthenticated Privilege Escalation
The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. This is due to the plugin not properly restricting the roles that can be set during registration through the echo_check_post_header_sent() function. This makes it possible for unauthenticated attackers to register as an administrator.
Possible mitigation
Echo RSS Feed Post Generator: Update to version 5.4.7, or a newer patched version
Further vulnerability information
System: WordPress Plugin
Product: Echo RSS Feed Post Generator
Version: *-5.4.6
Data provided by the National Vulnerability Database (NVD)
Coderevolution ≫ Echo Rss Feed Post Generator, SwPlatform: wordpress, Version < 5.4.7

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.573 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.