CVE-2024-1043
AMP for WP <= 1.0.93.1 - Authenticated(Contributor+) Arbitrary Post Deletion via amppb_remove_saved_layout_data
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'amppb_remove_saved_layout_data' function in all versions up to, and including, 1.0.93.1. This makes it possible for authenticated attackers, with contributor access and above, to delete arbitrary posts on the site.
El complemento AMP for WP – Accelerated Mobile Pages para WordPress es vulnerable a la pérdida no autorizada de datos debido a una falta de verificación de capacidad en la función 'amppb_remove_saved_layout_data' en todas las versiones hasta la 1.0.93.1 incluida. Esto hace posible que atacantes autenticados, con acceso de colaborador y superior, eliminen publicaciones arbitrarias en el sitio.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-01-29 CVE Reserved
- 2024-02-06 CVE Published
- 2024-02-21 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-285: Improper Authorization
CAPEC
References (4)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mohammed Kaludi Search vendor "Mohammed Kaludi" | AMP For WP – Accelerated Mobile Pages Search vendor "Mohammed Kaludi" for product "AMP For WP – Accelerated Mobile Pages" | <= 1.0.93.1 Search vendor "Mohammed Kaludi" for product "AMP For WP – Accelerated Mobile Pages" and version " <= 1.0.93.1" | en |
Affected
|