Missing Authorization vulnerability in UPQODE Whizzy
CVE-2024-30544

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Whizzy
Vendor: CVE Published:; 9 June 2024

Summary

A missing authorization vulnerability exists in the UPQODE Whizzy plugin, affecting all versions up to 1.1.18. This flaw allows unauthorized users to gain access to restricted functionalities, which could result in unauthorized data manipulation or exposure. Website owners using the Whizzy plugin should assess their security posture and ensure that they apply the necessary updates to mitigate potential exploitation risks. Effective controls and validation checks are crucial in preventing unauthorized access.

Affected Version(s)

Whizzy <= 1.1.18

References

https://patchstack.com/database/vulnerability/whizzy/word...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 9, 2024
Vulnerability Reserved
Mar 27, 2024

Credit

Steven Julian (Patchstack Alliance)