CVE-2024-8853 Vulnerability Details


CVE-2024-8853 Metadata Quick Info

CVE Published: 20/09/2024 | CVE Updated: 20/09/2024 | CVE Year: 2024
Source: Wordfence | Vendor: jeremieglotin | Product: Webo-facto
Status : PUBLISHED

CVE-2024-8853 Description

The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on the 'doSsoAuthentification' function. This makes it possible for unauthenticated attackers to make themselves administrators by registering with a username that contains '-wfuser'.

Metrics

CVSS Version: 3.1 | Base Score: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability Metrics (as encoded in the vector above):
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope (S): Unchanged

Impact Metrics (as encoded in the vector above):
    Confidentiality Impact (C): High
    Integrity Impact (I): High
    Availability Impact (A): High

Weakness Enumeration (CWE)

CWE-ID: CWE-269
CWE Name: CWE-269 Improper Privilege Management
Source: jeremieglotin

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: (none listed)
CAPEC Description: (none listed)

Source: NVD (National Vulnerability Database).