Access Control Vulnerability in POSIMYTH Nexter Blocks Plugin
CVE-2024-56294

6.4 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 7 January 2025

Summary

The POSIMYTH Nexter Blocks plugin has a missing authorization issue that allows exploitation of incorrectly configured access control security levels. Attackers could use it to gain unauthorized access to restricted functionality within the plugin. Versions up to and including 4.0.7 are affected. Proper access control measures should be implemented to mitigate the risk and protect sensitive data from potential exploitation.

Affected Version(s)

Nexter Blocks <= 4.0.7

CVSS V3.1

Score: 6.4
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Khalid Yusuf (Patchstack Alliance)