Missing Authorization Vulnerability in WP Royal Ashe Extra Plugin by WP Royal
CVE-2024-56244

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Ashe Extra
Vendor: CVE Published:; 2 January 2025

Summary

A missing authorization vulnerability has been identified in the WP Royal Ashe Extra Plugin that allows for exploitation due to incorrectly configured access control security levels. This issue predominantly affects the Ashe Extra Plugin, specifically in versions from n/a up to 1.2.92. Attackers can leverage this vulnerability to gain unauthorized access, undermining the security posture of affected websites. Regular updates and security best practices are crucial to mitigate potential threats from this vulnerability.

Affected Version(s)

Ashe Extra <= 1.2.92

References

https://patchstack.com/database/wordpress/plugin/ashe-ext...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 2, 2025
Vulnerability Reserved
Dec 18, 2024

Credit

Mika (Patchstack Alliance)