Authentication Bypass Vulnerability Affects WordPress Plugin
CVE-2024-10311
8.8HIGH
Key Information:
- Vendor
- Wordpress
- Vendor
- CVE Published:
- 15 November 2024
Summary
The External Database Based Actions plugin for WordPress contains a significant vulnerability that allows authenticated attackers, who possess subscriber-level permissions or higher, to bypass authentication checks. This flaw is rooted in a lack of necessary capability verification in the 'edba_admin_handle' function. As a result, potential attackers can alter plugin settings and gain unauthorized access to accounts of existing users, including administrators. This vulnerability poses a serious risk to WordPress sites utilizing this plugin, necessitating swift remedial action to secure affected systems.
Affected Version(s)
External Database Based Actions * <= 0.1
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
István Márton