WordPress PWA for WP & AMP plugin <= 1.7.72 - Broken Access Control vulnerability
CVE-2024-47318

8.8HIGH

Key Information:

Vendor: WordPress
Status: Pwa For WP & Amp
Vendor: CVE Published:; 1 November 2024

Summary

A missing authorization vulnerability in the Magazine3 PWA for WP & AMP plugin exposes users to risks associated with incorrectly configured access control security levels. This issue enables unauthorized access to restricted areas of the application, potentially allowing attackers to exploit sensitive functionalities and data. The issue affects specific versions of the product, highlighting the need for users to evaluate their security configurations and apply necessary updates.

Affected Version(s)

PWA for WP & AMP <= 1.7.72

References

https://patchstack.com/database/vulnerability/pwa-for-wp/...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 1, 2024
Vulnerability Reserved
Sep 24, 2024

Credit

Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)