CVE-2024-6392

11 Jul 2024

Título es

CVE-2024-6392

Jue, 11/07/2024 – 22:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-6392

Descripción en

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the connected Sirv account to an attacker-controlled one.

12/07/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

5.40

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://plugins.trac.wordpress.org/browser/sirv/tags/7.2.6/sirv.php#L5197

https://plugins.trac.wordpress.org/browser/sirv/tags/7.2.6/sirv.php#L5338

https://www.wordfence.com/threat-intel/vulnerabilities/id/229490c3-d820-4831-b105-a429512c2c60?source=cve

Enviar en el boletín