Ver todas as ameaças

CVE-2024-10311

Alvo: Não informado

Descrição

The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the ‘edba_admin_handle’ function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin settings and log in as any existing user on the site, such as an administrator.

Software
Não informado
Tipo Software
Plugin
CVE
CVE-2024-10311
Tags
Nâo informado
Data de publicação
15/11/2024
Última atualização
20/11/2024
Pontuação em CVSS 3.0
8.8
Alto
Rolar para cima