Missing Authorization vulnerability in Olive One Click Demo Import leads to XSS
CVE-2024-2702

9.8CRITICAL

Key Information:

Vendor

WordPress
Status
Olive One Click Demo Import
Vendor
CVE Published:
20 March 2024

What is CVE-2024-2702?

The Olive One Click Demo Import plugin for WordPress is subject to a Missing Authorization vulnerability that allows unauthorized users to import settings and data. This flaw opens the door to potential cross-site scripting (XSS) attacks, which can compromise website security by allowing malicious scripts to run in the context of a user's browser. This vulnerability affects all versions from not applicable up to and including version 1.1.1, thus necessitating immediate attention from site administrators to mitigate the associated risks.

Affected Version(s)

Olive One Click Demo Import <= 1.1.1

References

https://patchstack.com/database/vulnerability/olive-one-c...
vdb-entry

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yudistira Arya (Patchstack Alliance)
.