WP Mailster Missing Authorization Vulnerability Allows Exploiting Incorrectly Configured Access Control Security Levels
CVE-2024-53805
9.8CRITICAL
Summary
A vulnerability exists within the WP Mailster plugin developed by Brandtoss due to missing authorization controls, allowing attackers to exploit incorrectly configured access security levels. This issue affects all versions from n/a up to 1.8.16.0. Successful exploitation could lead to unauthorized access and actions that compromise the integrity of user data and application functionality, emphasizing the importance of robust access control implementations in WordPress plugins.
Affected Version(s)
WP Mailster <= 1.8.16.0
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Mika (Patchstack Alliance)