Authors Plugin Vulnerable to Privilege Escalation/Account Takeover
CVE-2024-9215

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Co-authors, Multiple Authors And Guest Authors In An Author Box With PublisHPress Authors
Vendor: CVE Published:; 17 October 2024

Summary

The PublishPress Authors plugin for WordPress contains a vulnerability that permits authenticated users with Author-level access to exploit an insecure direct object reference. This flaw arises because the system fails to validate the 'authors-user_id' parameter in the action_edited_author() function. As a result, attackers can modify the email addresses of any user account, including those of administrators, which can lead to unauthorized password resets and complete account takeovers. This vulnerability affects all versions of the plugin up to and including 4.7.1.

Affected Version(s)

Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors * <= 4.7.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/publishpress-a...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2024
Vulnerability Reserved
Sep 26, 2024

Credit

wesley