Authorization Bypass Through User-Controlled Key vulnerability
CVE-2024-32683

7.5HIGH

Key Information:

Vendor: WordPress
Status: WP Ultimate Review
Vendor: CVE Published:; 19 April 2024

Summary

The Wpmet Wp Ultimate Review plugin contains a vulnerability that allows unauthorized users to bypass security measures by manipulating user-controlled keys. This flaw primarily affects versions of the plugin up to 2.2.5, potentially enabling attackers to gain access to restricted functionalities or sensitive data without proper authorization.

Affected Version(s)

Wp Ultimate Review <= 2.2.5

References

https://patchstack.com/database/vulnerability/wp-ultimate...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2024
Vulnerability Reserved
Apr 17, 2024

Credit

Kyle Sanchez (Patchstack Alliance)