PT-2024-19020 · WordPress · Web Application Firewall +1
Stiofan +1 · Published 2024-03-13 · Updated 2024-03-25
CVE-2024-2172
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Malware Scanner plugin versions up to, and including, 4.7.2
Web Application Firewall plugin versions up to, and including, 2.1.1
Description
The issue is a missing capability check on the mo_wpns_init() function, which allows unauthenticated attackers to escalate their privileges to that of an administrator. This makes it possible for attackers to gain administrative privileges on the site.
Recommendations
For Malware Scanner plugin versions up to, and including, 4.7.2, update to a version later than 4.7.2 to resolve the issue.
For Web Application Firewall plugin versions up to, and including, 2.1.1, update to a version later than 2.1.1 to resolve the issue.
As a temporary workaround, consider disabling the mo_wpns_init() function until a patch is available.
Affected Products
Malware Scanner
Web Application Firewall