exploitDog

CVE-2024-13703

Опубликовано: 13 мар. 2025

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable and disable plugin widgets.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vcita:crm_and_lead_management_by_vcita:*:*:*:*:*:wordpress:*:*

Версия до 2.7.1 (включая)

EPSS

Процентиль: 28%

0.00102

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-c9cf-2qq3-hq8v

CVSS3: 4.3

github

11 месяцев назад

The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable and disable plugin widgets.

EPSS

Процентиль: 28%

0.00102

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-862