The WP-Orphanage Extended plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the wporphanageex_menu_settings() function. This makes it possible for unauthenticated attackers to escalate the privileges of all orphan accounts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Metrics
Affected Vendors & Products
References
History
Tue, 26 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Meloniq.net
Meloniq.net wp-orphanage Extended |
|
CPEs | cpe:2.3:a:meloniq.net:wp-orphanage_extended:*:*:*:*:*:*:*:* | |
Vendors & Products |
Meloniq.net
Meloniq.net wp-orphanage Extended |
|
Metrics |
ssvc
|
Sat, 23 Nov 2024 03:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The WP-Orphanage Extended plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the wporphanageex_menu_settings() function. This makes it possible for unauthenticated attackers to escalate the privileges of all orphan accounts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |
Title | WP-Orphanage Extended <= 1.2 - Cross-Site Request Forgery to Orphan Account Privilege Escalation | |
Weaknesses | CWE-352 | |
References |
|
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-11-23T03:25:51.901Z
Updated: 2024-11-26T19:37:04.802Z
Reserved: 2024-11-19T14:16:13.943Z
Link: CVE-2024-11415
Vulnrichment
Updated: 2024-11-26T19:36:58.688Z
NVD
Status : Received
Published: 2024-11-23T04:15:08.760
Modified: 2024-11-23T04:15:08.760
Link: CVE-2024-11415
Redhat
No data.