CVE-2024-22145

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions InstaWP Connect versions 0.1.0.8 and earlier

Description The issue is related to improper privilege management, allowing privilege escalation. It is associated with the save management settings() function and inadequate authorization procedures. This could enable a remote attacker to read, modify, or delete data.

Recommendations For InstaWP Connect versions 0.1.0.8 and earlier, consider disabling the save management settings() function until a patch is available to prevent potential privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authorization

Incorrect Privilege Assignment

Missing Authorization

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-266CWE-862CWE-269

Related Identifiers

BDU:2024-00745

CVE-2024-22145

Affected Products

Instawp Connect

CVE-2024-22145

Weakness Enumeration

Related Identifiers

Affected Products

References · 13