CVE-2024-1843
Auto Affiliate Links <= 6.4.3 - Missing Authorization via aalAddLink
Severity Score
4.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or higher, to add arbitrary links to posts.
El complemento Auto Affiliate Links para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la función aalAddLink en todas las versiones hasta la 6.4.3 incluida. Esto hace posible que atacantes autenticados, con acceso de suscriptor o superior, agreguen enlaces arbitrarios a las publicaciones.
*Credits:
Lucio Sá
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-02-23 CVE Reserved
- 2024-03-11 CVE Published
- 2024-03-14 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (3)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Thedark Search vendor "Thedark" | Auto Affiliate Links Search vendor "Thedark" for product "Auto Affiliate Links" | <= 6.4.3 Search vendor "Thedark" for product "Auto Affiliate Links" and version " <= 6.4.3" | en |
Affected
| ||||||