Missing Authorization vulnerability in Olive One Click Demo Import leads to XSS
CVE-2024-2702
8.2HIGH
Summary
The Olive One Click Demo Import plugin for WordPress is subject to a Missing Authorization vulnerability that allows unauthorized users to import settings and data. This flaw opens the door to potential cross-site scripting (XSS) attacks, which can compromise website security by allowing malicious scripts to run in the context of a user's browser. This vulnerability affects all versions from not applicable up to and including version 1.1.1, thus necessitating immediate attention from site administrators to mitigate the associated risks.
Affected Version(s)
Olive One Click Demo Import <= 1.1.1
References
CVSS V3.1
Score:
8.2
Severity:
HIGH
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Yudistira Arya (Patchstack Alliance)