CVE-2024-11024 Vulnerability Details

  /     /     /  

CVE-2024-11024 Metadata Quick Info

CVE Published: 26/11/2024 | CVE Updated: 26/11/2024 | CVE Year: 2024
Source: Wordfence | Vendor: scottopolis | Product: AppPresser – Mobile App Framework
Status : PUBLISHED

CVE-2024-11024 Description

The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user\'s password reset code prior to updating their password. This makes it possible for unauthenticated attackers, with knowledge of a user\'s email address, to reset the user\'s password and gain access to their account.

Metrics

CVSS Version: 3.1 | Base Score: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-230
CWE Name: CWE-230 Improper Handling of Missing Values
Source: scottopolis

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2024-11024 Vulnerability Details