CVE-2024-8349 Vulnerability Details

  /     /     /  

CVE-2024-8349 Metadata Quick Info

CVE Published: 25/09/2024 | CVE Updated: 25/09/2024 | CVE Year: 2024
Source: Wordfence | Vendor: Uncanny Owl | Product: Uncanny Groups for LearnDash
Status : PUBLISHED

---

CVE-2024-8349 Description

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group leader-level access and above, to change admin account email addresses which can subsequently lead to admin account access.

Metrics

CVSS Version: 3.1 | Base Score: 7.2 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-862
CWE Name: CWE-862 Missing Authorization
Source: Uncanny Owl

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).