CVE-2024-4858

Опубликовано: 25 мая 2024

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to update the OpenAI API key, disabling the feature.

Ссылки

https://plugins.trac.wordpress.org/browser/testimonials-carousel-elementor/trunk/class-testimonials-carousel-elementor.php#L126
Product
https://plugins.trac.wordpress.org/changeset/3092154/testimonials-carousel-elementor/trunk/class-testimonials-carousel-elementor.php
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/1f589345-a081-4d27-ac4a-6edc44b96f91?source=cve
Third Party Advisory
https://plugins.trac.wordpress.org/browser/testimonials-carousel-elementor/trunk/class-testimonials-carousel-elementor.php#L126
Product
https://plugins.trac.wordpress.org/changeset/3092154/testimonials-carousel-elementor/trunk/class-testimonials-carousel-elementor.php
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/1f589345-a081-4d27-ac4a-6edc44b96f91?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:uapp:testimonial_carousel_for_elementor:*:*:*:*:*:wordpress:*:*

Версия до 10.2.1 (исключая)

EPSS

Процентиль: 41%

0.00195

Низкий

5.3 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-862

EPSS

Процентиль: 41%

0.00195

Низкий

5.3 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-862