CVE-2024-31423

WordPress WP Accessibility Helper (WAH) plugin <= 0.6.2.5 - Broken Access Control vulnerability

Severity Score

4.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH).This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.5.

Vulnerabilidad de autorización faltante en Alex Volkov WP Accessibility Helper (WAH). Este problema afecta a WP Accessibility Helper (WAH): desde n/a hasta 0.6.2.5.

The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_attachment_alt() function in versions up to, and including, 0.6.2.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to update attachment alts.

*Credits: Mika (Patchstack Alliance)

CVSS Scores

Patchstackv3.1 4.3

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-04-03 CVE Reserved
2024-04-10 CVE Published
2024-08-02 CVE Updated
2024-09-27 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-862: Missing Authorization

CAPEC

References (1)

URL	Tag	Source
https://patchstack.com/database/vulnerability/wp-accessibility-helper/wordpress-wp-accessibility-helper-wah-plugin-0-6-2-5-broken-access-control-vulnerability?_s_id=cve	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Wp Accessibility Helper Search vendor "Wp Accessibility Helper"		Wp Accessibility Helper Search vendor "Wp Accessibility Helper" for product "Wp Accessibility Helper"				>= 0.0.0.0 <= 0.6.2.5 Search vendor "Wp Accessibility Helper" for product "Wp Accessibility Helper" and version " >= 0.0.0.0 <= 0.6.2.5"		en		Affected