Missing Authorization Vulnerability Affects Dashboard To-Do List
CVE-2024-35723

8.8HIGH

Key Information:

Vendor: WordPress
Status: Dashboard To-do List
Vendor: CVE Published:; 10 June 2024

Summary

A vulnerability exists in the Dashboard To-Do List plugin developed by Andrew Rapps, which allows for missing authorization. This may enable unauthorized users to gain access to certain functionalities or data within the application. The flaw affects all versions leading up to and including 1.2.0, potentially exposing sensitive information. It is critical for users of the Dashboard To-Do List to apply the necessary security measures and updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

Dashboard To-Do List <= 1.2.0

References

https://patchstack.com/database/vulnerability/dashboard-t...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 10, 2024
Vulnerability Reserved
May 17, 2024

Credit

CatFather (Patchstack Alliance)