Access Control Flaw in Ksher Payment Plugin
CVE-2024-56001

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Ksher
Vendor: CVE Published:; 16 December 2024

What is CVE-2024-56001?

A significant security vulnerability, identified as CVE-2024-56001, has been detected in the Ksher Payment plugin. This flaw stems from a missing authorization issue that allows an attacker to exploit incorrectly configured access control security levels. As a result, unauthorized users may gain access to sensitive functionalities of the plugin. This vulnerability primarily affects versions of the Ksher plugin up to 1.1.1, posing a substantial risk for users who have not promptly updated their software. It is essential for users and administrators of the Ksher Payment plugin to implement the latest security patches and conduct thorough reviews of their access control configurations to mitigate potential exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Ksher <= 1.1.1

References

https://patchstack.com/database/wordpress/plugin/ksher-pa...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 16, 2024
Vulnerability Reserved
Dec 14, 2024

Credit

Mika (Patchstack Alliance)

JSON

WordPress

What is CVE-2024-56001?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.