Access Control Flaw in Ksher Payment Plugin
CVE-2024-56001

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Ksher
Vendor: CVE Published:; 16 December 2024

Summary

A significant security vulnerability, identified as CVE-2024-56001, has been detected in the Ksher Payment plugin. This flaw stems from a missing authorization issue that allows an attacker to exploit incorrectly configured access control security levels. As a result, unauthorized users may gain access to sensitive functionalities of the plugin. This vulnerability primarily affects versions of the Ksher plugin up to 1.1.1, posing a substantial risk for users who have not promptly updated their software. It is essential for users and administrators of the Ksher Payment plugin to implement the latest security patches and conduct thorough reviews of their access control configurations to mitigate potential exploits.

Affected Version(s)

Ksher <= 1.1.1

References

https://patchstack.com/database/wordpress/plugin/ksher-pa...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 16, 2024
Vulnerability Reserved
Dec 14, 2024

Credit

Mika (Patchstack Alliance)