CVE-2024-5997

The Duplica – Duplicate Posts, Pages, Custom Posts or Users plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicate_user and duplicate_post functions in all versions up to, and including, 0.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create duplicates of users and posts/pages.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/duplica/tags/0.6/src/AJAX.php#L32
https://plugins.trac.wordpress.org/browser/duplica/tags/0.6/src/AJAX.php#L98
https://www.wordfence.com/threat-intel/vulnerabilities/id/605fac87-e1e8-4354-a9d3-4440e54bc161?source=cve

Configurations

No configuration.

History

No history.

Information

Published : 2024-07-18 22:15

Updated : 2024-07-19 13:01

NVD link : CVE-2024-5997

Mitre link : CVE-2024-5997

CVE.ORG link : CVE-2024-5997

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

4.3 /10