CVE-2024-9305

EPSS 0.66%
Veröffentlicht 16.10.2024 02:15:07
Zuletzt bearbeitet 17.05.2025 02:49:17
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

AppPresser – Mobile App Framework <= 4.4.4 - Privilege Escalation and Account Takeover via Weak OTP

The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. This is due to the appp_reset_password() and validate_reset_password() functions not having enough controls to prevent a successful brute force attack of the OTP to change a password, or verify that a password reset request came from an authorized user. This makes it possible for unauthenticated attackers to generate and brute force an OTP that makes it possible to change any users passwords, including an administrator.

Mögliche Gegenmaßnahme

AppPresser – Mobile App Framework: Update to version 4.4.5, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apppresser ≫ Apppresser SwPlatformwordpress Version < 4.4.5

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt AppPresser – Mobile App Framework

Version *-4.4.4

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.66%	0.468

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security@wordfence.com	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-640 Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

https://plugins.trac.wordpress.org/browser/apppresser/tags/4.4.4/inc/AppPresser_Ajax_Extras.php#L31

Product

https://plugins.trac.wordpress.org/browser/apppresser/tags/4.4.4/inc/AppPresser_WPAPI_Mods.php#L92

Product

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3168744%40apppresser&new=3168744%40apppresser&sfp_email=&sfph_mail=

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/45647fa6-a98d-4eb4-a287-f523e434688b?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/45647fa6-a98d-4eb4-a287-f523e434688b

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-9305

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-9305

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-9305

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-9305