The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable shop functionality.
Metrics
Affected Vendors & Products
References
History
Thu, 26 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 26 Sep 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable shop functionality. | |
Title | Download Monitor <= 5.0.9 - Missing Authorization to Authenticated (Subscriber+) Shop Enable | |
Weaknesses | CWE-862 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-09-26T02:03:24.869Z
Updated: 2024-09-26T14:56:16.845Z
Reserved: 2024-09-06T19:45:38.107Z
Link: CVE-2024-8552
Vulnrichment
Updated: 2024-09-26T14:56:11.938Z
NVD
Status : Awaiting Analysis
Published: 2024-09-26T03:15:03.000
Modified: 2024-09-26T13:32:02.803
Link: CVE-2024-8552
Redhat
No data.