CVE-2024-13646

Single-user-chat <= 0.5 - Authenticated (Subscriber+) Limited Options Update

CVSS 8.1 HIGHEPSS 0.4%CWE-285

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.1EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

30 jan 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The Single-user-chat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the 'single_user_chat_update_login' function in all versions up to, and including, 0.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to update option values to 'login' on the WordPress site. This may be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Produtos afetados

aakashbhagat23 · Single-user-chat

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://plugins.trac.wordpress.org/browser/single-user-chat/trunk/single-user-chat.php#L326 https://www.wordfence.com/threat-intel/vulnerabilities/id/8a4978c1-087f-4784-9691-91ca5044f60a?source=cve