Access Control Flaw in Ksher Payment Plugin
CVE-2024-56001
Summary
CVE-2024-56001 is a significant missing authorization vulnerability in the Ksher Payment plugin. It allows an attacker to exploit incorrectly configured access control security levels, so unauthorized users may gain access to sensitive functionality of the plugin. The vulnerability affects versions of the Ksher plugin up to and including 1.1.1 and poses a substantial risk to users who have not updated their software. Users and administrators of the Ksher Payment plugin should apply the latest security patches and thoroughly review their access control configurations to mitigate potential exploitation.
Affected Version(s)
Ksher <= 1.1.1