Today > 1 Critical | 1 High vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-2505

April 29, 2024, 12:42 p.m.

Tags

Product(s) Impacted

GamiPress WordPress plugin

  • before 6.8.9

Description

The GamiPress WordPress plugin before 6.8.9's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged users, like Subscribers, despite initial settings prohibiting such access. This vulnerability resembles broken access control, enabling unauthorized users to modify critical GamiPress WordPress plugin before 6.8.9 configurations.

Weaknesses

Date

Published: April 29, 2024, 6:15 a.m.

Last Modified: April 29, 2024, 12:42 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

contact@wpscan.com

References

https://wpscan.com/ contact@wpscan.com