CVE-2024-0829
Comments Extra Fields For Post,Pages and CPT <= 5.0 - Missing Authorization
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.0. This is due to missing or incorrect capability checks on several ajax actions. This makes it possible for authenticated attackers, with subscriber access or higher, to invoke those actions. As a result, they may modify comment form fields and update plugin settings.
El complemento Comments Extra Fields For Post,Pages and CPT para WordPress es vulnerable a la falta de autorizaciĆ³n en todas las versiones hasta la 5.0 incluida. Esto se debe a comprobaciones de capacidad faltantes o incorrectas en varias acciones de ajax. Esto hace posible que los atacantes autenticados, con acceso de suscriptor o superior, invoquen esas acciones. Como resultado, pueden modificar los campos del formulario de comentarios y actualizar la configuraciĆ³n del complemento.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-01-23 CVE Reserved
- 2024-02-26 CVE Published
- 2024-03-14 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (3)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nmedia Search vendor "Nmedia" | Comments Extra Fields For Post,Pages And CPT Search vendor "Nmedia" for product "Comments Extra Fields For Post,Pages And CPT" | <= 5.0 Search vendor "Nmedia" for product "Comments Extra Fields For Post,Pages And CPT" and version " <= 5.0" | en |
Affected
| ||||||