CVE-2024-3602
Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer <= 1.1.0 - Missing Authorization
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnect_promolayer function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to remove the Promolayer connection.
El complemento Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer para WordPress es vulnerable a actualizaciones no autorizadas de la configuración del complemento debido a una falta de verificación de capacidad en la función de desconexión_promolayer en todas las versiones hasta, e incluyendo, 1.1.0. Esto hace posible que atacantes autenticados, con acceso de suscriptor o superior, eliminen la conexión de Promolayer.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-04-10 CVE Reserved
- 2024-06-19 CVE Published
- 2024-06-20 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (2)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Promolayer Search vendor "Promolayer" | Popup Builder Search vendor "Promolayer" for product "Popup Builder" | <= 1.1.0 Search vendor "Promolayer" for product "Popup Builder" and version " <= 1.1.0" | wordpress |
Affected
| ||||||