The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to change plugin settings.
History

Tue, 12 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Ce21
Ce21 ce21-suite
CPEs cpe:2.3:a:ce21:ce21-suite:*:*:*:*:*:*:*:*
Vendors & Products Ce21
Ce21 ce21-suite
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 09 Nov 2024 02:45:00 +0000

Type Values Removed Values Added
Description The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to change plugin settings.
Title CE21 Suite <= 2.2.0 - Missing Authorization to Unauthenticated Plugin Settings Change
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-11-09T02:32:03.300Z

Updated: 2024-11-12T16:07:10.676Z

Reserved: 2024-10-23T08:08:57.346Z

Link: CVE-2024-10294

cve-icon Vulnrichment

Updated: 2024-11-12T16:07:03.509Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-09T03:15:04.647

Modified: 2024-11-12T13:56:54.483

Link: CVE-2024-10294

cve-icon Redhat

No data.