Missing Authorization vulnerability Affects DELUCKS SEO
CVE-2024-30538

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Delucks Seo
Vendor: CVE Published:; 9 June 2024

Summary

A missing authorization vulnerability exists in DELUCKS SEO provided by DELUCKS GmbH, allowing unauthorized users to perform actions that should typically require elevated permissions. This flaw can potentially lead to unauthorized access to sensitive information or manipulation of content depending on the affected system's configuration. Users of DELUCKS SEO from the initial release to version 2.5.4 may be at risk and are advised to apply appropriate security measures to mitigate exploitation.

Affected Version(s)

DELUCKS SEO <= 2.5.4

References

https://patchstack.com/database/vulnerability/delucks-seo...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 9, 2024
Vulnerability Reserved
Mar 27, 2024

Credit

Mika (Patchstack Alliance)