CVE-2024-3237 in ConvertPlug Pluginالمعلومات

الملخص

بحسب MITRE • 04/05/2024

The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to true.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

حجز

02/04/2024

إفشاء

04/05/2024

الاعتدال

تمت الموافقة

إدخال

VDB-263036

EPSS

0.00368

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider

المصادر

Interested in the pricing of exploits?

See the underground prices here!