Plugin Vulnerability Allows Author Users to Edit Sensitive Settings
CVE-2024-1745

Currently unrated

Key Information:

Vendor: Wordpress
Status: Testimonial Slider
Vendor: CVE Published:; 26 March 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The Testimonial Slider WordPress plugin before 2.3.7 does not properly ensure that a user has the necessary capabilities to edit certain sensitive Testimonial Slider WordPress plugin before 2.3.7 settings, making it possible for users with at least the Author role to edit them.

Affected Version(s)

Testimonial Slider 0 < 2.3.7

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-1745 - Proof of Concept

References

https://wpscan.com/vulnerability/b63bbfeb-d6f7-4c33-8824-...

exploitvdb-entrytechnical-description

Timeline

🟡
Public PoC available
Mar 26, 2024
👾
Exploit known to exist
Mar 26, 2024
Vulnerability published
Mar 26, 2024
Vulnerability Reserved
Feb 22, 2024

Credit

Dmitrii Ignatyev

WPScan