exploitDog

CVE-2024-8349

Опубликовано: 25 сент. 2024

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group leader-level access and above, to change admin account email addresses which can subsequently lead to admin account access.

Ссылки

https://github.com/karlemilnikka/CVE-2024-8349-and-CVE-2024-8350
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/64cf0ae2-8d66-40d1-8bb6-0cab1dafab0d?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:uncannyowl:uncanny_groups_for_learndash:*:*:*:*:*:wordpress:*:*

Версия до 6.1.1 (исключая)

EPSS

Процентиль: 86%

0.03072

Низкий

7.2 High

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-w3jq-wqph-2fhr

CVSS3: 7.2

github

больше 1 года назад

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group leader-level access and above, to change admin account email addresses which can subsequently lead to admin account access.

EPSS

Процентиль: 86%

0.03072

Низкий

7.2 High

CVSS3

Дефекты

CWE-862