CVE-2024-3895 – WP Datepicker <= 2.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

https://notcve.org/view.php?id=CVE-2024-3895

The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdp_add_new_datepicker_ajax() function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options that can be used for privilege escalation. This was partially patched in 2.0.9 and 2.1.0, and fully patched in 2.1.1. El complemento WP Datepicker para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la función wpdp_add_new_datepicker_ajax() en todas las versiones hasta la 2.1.0 incluida. Esto hace posible que los atacantes autenticados, con acceso a nivel de suscriptor y superior, actualicen opciones arbitrarias que pueden usarse para escalar privilegios. • https://plugins.trac.wordpress.org/changeset/3073525/wp-datepicker/trunk/inc/functions_inner.php https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3071975%40wp-datepicker&new=3071975%40wp-datepicker&sfp_email=&sfph_mail= https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3073221%40wp-datepicker&new=3073221%40wp-datepicker&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/45a42f20-a4d7-4c8e-a144-505a6723a2a0?source=cve • CWE-862: Missing Authorization •