Missing Authorization vulnerability in UPQODE Whizzy
CVE-2024-30544

9.8CRITICAL

Key Information:

Vendor

WordPress
Status
Whizzy
Vendor
CVE Published:
9 June 2024

What is CVE-2024-30544?

A missing authorization vulnerability exists in the UPQODE Whizzy plugin, affecting all versions up to 1.1.18. This flaw allows unauthorized users to gain access to restricted functionalities, which could result in unauthorized data manipulation or exposure. Website owners using the Whizzy plugin should assess their security posture and ensure that they apply the necessary updates to mitigate potential exploitation risks. Effective controls and validation checks are crucial in preventing unauthorized access.

Affected Version(s)

Whizzy <= 1.1.18

References

https://patchstack.com/database/vulnerability/whizzy/word...
vdb-entry

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Steven Julian (Patchstack Alliance)
.