CVE-2024-5324 - OpenCVE

The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Xootix	Login\/signup Popup Otp Login Woocommerce \& Gravity Forms Side Cart Woocommerce Waitlist Woocommerce

Configuration 1 [-]

OR	cpe:2.3:a:xootix:login\/signup_popup:2.7.1:::::wordpress::
	cpe:2.3:a:xootix:login\/signup_popup:2.7.2:::::wordpress::
	cpe:2.3:a:xootix:otp_login_woocommerce_\&_gravity_forms::::::wordpress::*
	cpe:2.3:a:xootix:side_cart_woocommerce:2.5:::::wordpress::
	cpe:2.3:a:xootix:waitlist_woocommerce::::::wordpress::*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/easy-login-woocommerce/trunk/includes/xoo-framework/admin/class-xoo-admin-settings.php#L83
https://plugins.trac.wordpress.org/changeset/3093994/
https://www.wordfence.com/threat-intel/vulnerabilities/id/005a27c6-b9eb-466c-b0c3-ce52c25bb321?source=cve

History

No history.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-06-06T02:02:48.411Z

Updated: 2024-08-01T21:11:12.430Z

Reserved: 2024-05-24T16:18:24.858Z

Link: CVE-2024-5324

Vulnrichment

Updated: 2024-08-01T21:11:12.430Z

NVD

Status : Analyzed

Published: 2024-06-06T02:15:54.890

Modified: 2024-07-24T17:42:49.020

Link: CVE-2024-5324

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5324", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-05-24T16:18:24.858Z", "datePublished": "2024-06-06T02:02:48.411Z", "dateUpdated": "2024-08-01T21:11:12.430Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-06-06T02:02:48.411Z"}, "affected": [{"vendor": "xootix", "product": "Login/Signup Popup ( Inline Form + Woocommerce )", "versions": [{"version": "2.7.1", "status": "affected", "lessThanOrEqual": "2.7.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator."}], "title": "Login/Signup Popup ( Inline Form + Woocommerce ) 2.7.1 - 2.7.2 - Missing Authorization to Arbitrary Options Update", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/005a27c6-b9eb-466c-b0c3-ce52c25bb321?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/easy-login-woocommerce/trunk/includes/xoo-framework/admin/class-xoo-admin-settings.php#L83"}, {"url": "https://plugins.trac.wordpress.org/changeset/3093994/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "1337_Wannabe"}], "timeline": [{"time": "2024-06-05T13:11:37.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"affected": [{"vendor": "xootix", "product": "login\\/signup_popup", "cpes": ["cpe:2.3:a:xootix:login\\/signup_popup:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.7.1", "status": "affected", "lessThanOrEqual": "2.7.2", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-16T18:13:46.920950Z", "id": "CVE-2024-5324", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T15:49:40.152Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:11:12.430Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/005a27c6-b9eb-466c-b0c3-ce52c25bb321?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/easy-login-woocommerce/trunk/includes/xoo-framework/admin/class-xoo-admin-settings.php#L83", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3093994/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/005a27c6-b9eb-466c-b0c3-ce52c25bb321?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/easy-login-woocommerce/trunk/includes/xoo-framework/admin/class-xoo-admin-settings.php#L83", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3093994/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:11:12.430Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5324", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-16T18:13:46.920950Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:xootix:login\\/signup_popup:*:*:*:*:*:*:*:*"], "vendor": "xootix", "product": "login\\/signup_popup", "versions": [{"status": "affected", "version": "2.7.1", "versionType": "semver", "lessThanOrEqual": "2.7.2"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T18:14:52.523Z"}}], "cna": {"title": "Login/Signup Popup ( Inline Form + Woocommerce ) 2.7.1 - 2.7.2 - Missing Authorization to Arbitrary Options Update", "credits": [{"lang": "en", "type": "finder", "value": "1337_Wannabe"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "xootix", "product": "Login/Signup Popup ( Inline Form + Woocommerce )", "versions": [{"status": "affected", "version": "2.7.1", "versionType": "semver", "lessThanOrEqual": "2.7.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-06-05T13:11:37.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/005a27c6-b9eb-466c-b0c3-ce52c25bb321?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/easy-login-woocommerce/trunk/includes/xoo-framework/admin/class-xoo-admin-settings.php#L83"}, {"url": "https://plugins.trac.wordpress.org/changeset/3093994/"}], "descriptions": [{"lang": "en", "value": "The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-06-06T02:02:48.411Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5324", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:11:12.430Z", "dateReserved": "2024-05-24T16:18:24.858Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-06-06T02:02:48.411Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xootix:login\\/signup_popup:2.7.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "463688D0-AC8A-428E-8073-4BFBB480242E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xootix:login\\/signup_popup:2.7.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4FF28D92-2AA6-4CB1-BC92-9A9E849A111A", "vulnerable": true}, {"criteria": "cpe:2.3:a:xootix:otp_login_woocommerce_\\&_gravity_forms:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "67F08207-88C3-4853-A9D7-276CFFCFA841", "versionEndExcluding": "2.6.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:xootix:side_cart_woocommerce:2.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "0040784F-7863-41D5-84DA-04A2DBA96D72", "vulnerable": true}, {"criteria": "cpe:2.3:a:xootix:waitlist_woocommerce:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A719E0CB-3CD0-42EF-BCB3-73C6B2C6396B", "versionEndExcluding": "2.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator."}, {"lang": "es", "value": "El complemento Login/Signup Popup (Inline Form + Woocommerce) para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'import_settings' en las versiones 2.7.1 a 2.7.2. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, cambien opciones arbitrarias en los sitios afectados. Esto se puede utilizar para habilitar el registro de nuevos usuarios y establecer la funci\u00f3n predeterminada para los nuevos usuarios en Administrador."}], "id": "CVE-2024-5324", "lastModified": "2024-07-24T17:42:49.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2024-06-06T02:15:54.890", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/browser/easy-login-woocommerce/trunk/includes/xoo-framework/admin/class-xoo-admin-settings.php#L83"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3093994/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/005a27c6-b9eb-466c-b0c3-ce52c25bb321?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}