Privilege Escalation Vulnerability in VibeThemes VibeBP
CVE-2024-56040

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Vibebp
Vendor: CVE Published:; 31 December 2024

Summary

The vulnerability identified in VibeThemes VibeBP can lead to unauthorized privilege escalation due to incorrect privilege assignments. This issue impacts the plugin across a range of versions, specifically affecting all releases from n/a up to and including 1.9.9.4.1. When exploited, this vulnerability allows attackers to gain elevated privileges, potentially leading to unauthorized actions and data exposure, compromising the security integrity of applications utilizing this plugin.

Affected Version(s)

VibeBP <= 1.9.9.4.1

References

https://patchstack.com/database/wordpress/plugin/vibebp/v...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 31, 2024
Vulnerability Reserved
Dec 14, 2024

Credit

Rafie Muhammad (Patchstack)