Access Control Flaw in Ksher Payment Plugin
CVE-2024-56001

6.5 MEDIUM

Key Information:

Vendor: WordPress
Status: Vendor
CVE Published: 16 December 2024

Summary

CVE-2024-56001 is a missing authorization vulnerability in the Ksher Payment plugin. Because the plugin's access control security levels are incorrectly configured, an attacker can exploit them, and unauthorized users may gain access to sensitive functionality of the plugin. The vulnerability affects versions of the Ksher plugin up to and including 1.1.1, so sites that have not updated remain exposed. Users and administrators of the Ksher Payment plugin should apply the latest security patches and review their access control configurations to mitigate potential exploits.

Affected Version(s)

Ksher <= 1.1.1

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mika (Patchstack Alliance)