Fluent Support Missing Authorization Vulnerability
CVE-2024-47302

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Fluent Support
Vendor: CVE Published:; 1 November 2024

Summary

The vulnerability allows unauthorized access due to improperly configured access control security levels within the Fluent Support plugin, impacting both earlier versions and up to version 1.8.0. As a result, attackers may exploit this flaw to gain access to restricted functionalities not intended for them, potentially compromising sensitive data and user privacy.

Affected Version(s)

Fluent Support <= 1.8.0

References

https://patchstack.com/database/vulnerability/fluent-supp...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 1, 2024
Vulnerability Reserved
Sep 24, 2024

Credit

Khalid Yusuf (Patchstack Alliance)