Missing Authorization Vulnerability in Rextheme WP VR Plugin
CVE-2024-49680

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: WP Vr
Vendor: CVE Published:; 19 November 2024

What is CVE-2024-49680?

The WP VR plugin by Rextheme is affected by a missing authorization vulnerability that allows attackers to exploit incorrectly configured access control security levels. This flaw can potentially grant unauthorized users access to restricted functionalities of the plugin, compromising the security of the website. Affected versions range from n/a to 8.5.5, making it essential for users to update their installations promptly to mitigate risks.

Affected Version(s)

WP VR 0 <= 8.5.5

References

https://patchstack.com/database/Wordpress/Plugin/wpvr/vul...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 19, 2024

CVE-2024-49680 Data

JSON

WordPress

What is CVE-2024-49680?

Affected Version(s)

References

CVSS V3.1

Timeline