exploitDog

CVE-2024-10294

Опубликовано: 09 нояб. 2024

Источник: nvd

CVSS3: 6.5

CVSS3: 7.5

EPSS Низкий

Описание

The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to change plugin settings.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ce21:ce21_suite:*:*:*:*:*:wordpress:*:*

Версия до 2.2.0 (включая)

EPSS

Процентиль: 55%

0.00323

Низкий

6.5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-6qff-2q54-86rx

CVSS3: 6.5

github

около 1 года назад

The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to change plugin settings.

EPSS

Процентиль: 55%

0.00323

Низкий

6.5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-862