Unauthorized Modification of Data in Bridge Core Plugin for WordPress
CVE-2024-9860
6.5 MEDIUM
Summary
The Bridge Core plugin for WordPress, in versions up to and including 3.3, has inadequate capability checks in the 'import_action' and 'install_plugin_per_demo' functions. An authenticated user with subscriber-level permissions or higher can manipulate plugin settings, import demo content, and install limited plugins. These unauthorized modifications can cause data loss or alteration and compromise the integrity and security of the website.
Affected Version(s)
Bridge Core * <= 3.3
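To check a site against the affected range above, the following added example (not code from the advisory or from the plugin) reads plugin headers under a WordPress plugins directory and flags installed copies at or below 3.3. It assumes the plugin's "Plugin Name:" header reads "Bridge Core" and that the caller supplies the path to wp-content/plugins; the sample header is constructed.

```python
import re
from pathlib import Path

LAST_AFFECTED = (3, 3)       # advisory range: Bridge Core <= 3.3
PLUGIN_NAME = "bridge core"  # assumed "Plugin Name:" header value, compared case-insensitively
HEADER_BYTES = 8192          # WordPress reads plugin headers from the first 8 KiB of the file
_FIELD = re.compile(r"^(?:[ \t]*<\?php)?[ \t/*#@]*(Plugin Name|Version):(.*)$", re.M | re.I)

# Constructed sample header, not copied from the real plugin.
SAMPLE = "<?php\n/*\nPlugin Name: Bridge Core\nVersion: 3.3.0\n*/\n"


def parse_header(text):
    """Extract the Plugin Name and Version fields from a plugin file's header comment."""
    fields = {}
    for key, value in _FIELD.findall(text[:HEADER_BYTES]):
        value = re.sub(r"\s*(?:\*/|\?>).*", "", value).strip()
        fields.setdefault(key.lower(), value)
    return fields


def is_affected(version):
    """True if version <= 3.3, False if newer, None if it cannot be parsed."""
    match = re.match(r"\s*v?(\d+(?:\.\d+)*)", version or "")
    if not match:
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # treat 3.3.0 as 3.3
        parts.pop()
    return tuple(parts) <= LAST_AFFECTED      # numeric compare, so 3.10 > 3.3


def scan_plugins(plugins_dir):
    """Return (path, version, affected) for every copy found under the plugins directory."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        with open(php, encoding="utf-8", errors="replace") as fh:
            fields = parse_header(fh.read(HEADER_BYTES))
        if fields.get("plugin name", "").lower() == PLUGIN_NAME:
            version = fields.get("version")
            findings.append((str(php), version, is_affected(version)))
    return findings


if __name__ == "__main__":
    print(is_affected(parse_header(SAMPLE)["version"]))
```

A result of None means the header carried no parseable version and the copy needs manual review.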
References
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
István Márton