Critical Data Modification Vulnerability in Maintenance & Coming Soon Redirect Animation Plugin for WordPress

CVE-2024-9503

4.3MEDIUM

Key Information

Vendor: Yasinedr
Status: Maintenance & Coming Soon Redirect Animation
Vendor: CVE Published:; 20 December 2024

Summary

CVE-2024-9503 is a critical security vulnerability affecting the Maintenance & Coming Soon Redirect Animation plugin for WordPress. This issue arises from a lack of proper capability checks in the plugin's functions – specifically 'wploti_add_whitelisted_roles_option', 'wploti_remove_whitelisted_roles_option', 'wploti_add_whitelisted_users_option', 'wploti_remove_whitelisted_users_option', and 'wploti_uploaded_animation_save_option'. Authenticated users with Subscriber-level access and above can exploit this vulnerability to modify crucial plugin settings, potentially compromising the integrity and security of the website. All versions up to and including v2.1.3 are impacted, necessitating immediate action to mitigate risks.

Affected Version(s)

Maintenance & Coming Soon Redirect Animation <= 2.1.3

Refferences

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/maintenance-co...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 20, 2024
Vulnerability Reserved
Oct 3, 2024

Collectors

NVD DatabaseMitre Database

Credit

Francesco Carlucci