CVE-2024-4280

White Label CMS <= 2.7.3 - Missing Authorization to Plugin Settings Reset

CVSS 5.3 MEDIUM | EPSS 0.4% | CWE-862
Vexday Risk Score
13 Low
SSVC Decision (CISA)
Track
No sign of exploitation → monitor
CVSS 5.3 | EPSS 0.4% | KEV no | PoC | Nuclei | Metasploit | Patch
Lifecycle
10 May 2024: Published in NVD
Recommendation: Monitor (no sign of exploitation at the moment).
The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_plugin function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to reset plugin settings.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N