CVE-2024-1093 - Vulnerability Details - OpenCVE

The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_logic() function hooked via admin_init in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update the memory limit.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00433.

Key SSVC decision points have not yet been added.

Vendors	Products
Simon99	Change Memory Limit

Configuration 1 [-]

cpe:2.3:a:simon99:change_memory_limit:1.0:*:*:*:*:wordpress:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/change-memory-limit/trunk/change-mem-limit.php#L104
https://www.wordfence.com/threat-intel/vulnerabilities/id/eee7344d-5459-4558-a557-d8c5935ecc30?source=cve

History

Mon, 23 Dec 2024 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Simon99 Simon99 change Memory Limit
Weaknesses		CWE-862
CPEs		cpe:2.3:a:simon99:change_memory_limit:1.0:::::wordpress::
Vendors & Products		Simon99 Simon99 change Memory Limit

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-03-05T01:56:03.764Z

Updated: 2024-08-01T18:26:30.607Z

Reserved: 2024-01-31T00:49:01.943Z

Link: CVE-2024-1093

Vulnrichment

Updated: 2024-08-01T18:26:30.607Z

NVD

Status : Analyzed

Published: 2024-03-05T02:15:25.970

Modified: 2024-12-23T17:03:58.370

Link: CVE-2024-1093

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1093", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-01-31T00:49:01.943Z", "datePublished": "2024-03-05T01:56:03.764Z", "dateUpdated": "2024-08-01T18:26:30.607Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-03-05T01:56:03.764Z"}, "affected": [{"vendor": "simon99", "product": "Change Memory Limit", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "1.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_logic() function hooked via admin_init in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update the memory limit."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eee7344d-5459-4558-a557-d8c5935ecc30?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/change-memory-limit/trunk/change-mem-limit.php#L104"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Francesco Carlucci"}], "timeline": [{"time": "2024-03-04T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1093", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-05T16:08:40.510140Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T18:00:07.863Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.607Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eee7344d-5459-4558-a557-d8c5935ecc30?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/change-memory-limit/trunk/change-mem-limit.php#L104", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eee7344d-5459-4558-a557-d8c5935ecc30?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/change-memory-limit/trunk/change-mem-limit.php#L104", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.607Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1093", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-05T16:08:40.510140Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:15.356Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Francesco Carlucci"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "simon99", "product": "Change Memory Limit", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-03-04T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eee7344d-5459-4558-a557-d8c5935ecc30?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/change-memory-limit/trunk/change-mem-limit.php#L104"}], "descriptions": [{"lang": "en", "value": "The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_logic() function hooked via admin_init in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update the memory limit."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-03-05T01:56:03.764Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1093", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:26:30.607Z", "dateReserved": "2024-01-31T00:49:01.943Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-03-05T01:56:03.764Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:simon99:change_memory_limit:1.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "6ADF1E2B-4C18-4F2A-B4C9-A646CE2B12ED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_logic() function hooked via admin_init in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update the memory limit."}, {"lang": "es", "value": "El complemento Change Memory Limit para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n admin_logic() conectada a trav\u00e9s de admin_init en todas las versiones hasta la 1.0 incluida. Esto hace posible que atacantes no autenticados actualicen el l\u00edmite de memoria."}], "id": "CVE-2024-1093", "lastModified": "2024-12-23T17:03:58.370", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-03-05T02:15:25.970", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/change-memory-limit/trunk/change-mem-limit.php#L104"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eee7344d-5459-4558-a557-d8c5935ecc30?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/change-memory-limit/trunk/change-mem-limit.php#L104"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eee7344d-5459-4558-a557-d8c5935ecc30?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}