Privilege Escalation Vulnerability in SalesKing
CVE-2024-22157

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Salesking
Vendor: CVE Published:; 17 May 2024

Summary

The WebWizards SalesKing product is impacted by an Improper Privilege Management vulnerability that enables privilege escalation. This flaw allows unauthorized users to gain elevated access rights, compromising the integrity and security of the application. The vulnerability affects multiple versions of SalesKing, specifically from n/a to 1.6.15, necessitating prompt action to mitigate potential risks.

Affected Version(s)

SalesKing <= 1.6.15

References

https://patchstack.com/database/vulnerability/salesking/w...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2024
Vulnerability Reserved
Jan 5, 2024

Credit

Dave Jong (Patchstack)