CVE-2024-10399
Download Monitor <= 5.0.13 - Missing Authorization to Sensitive Information Exposure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain usernames and emails of site users.
El complemento Download Monitor para WordPress es vulnerable a la modificación no autorizada de datos debido a una falta de verificación de capacidad en la función ajax_search_users en todas las versiones hasta la 5.0.13 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor o superior, obtengan nombres de usuario y correos electrónicos de los usuarios del sitio.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-10-25 CVE Reserved
- 2024-10-29 CVE Published
- 2024-10-30 CVE Updated
- 2024-10-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (3)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Wpchill Search vendor "Wpchill" | Download Monitor Search vendor "Wpchill" for product "Download Monitor" | <= 5.0.13 Search vendor "Wpchill" for product "Download Monitor" and version " <= 5.0.13" | en |
Affected
|