PT-2024-39871 · Unknown · Download Plugin
Brian Sans-Souci (+3) · Published 2024-10-23 · Updated 2024-10-25 · CVE-2024-9829
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Download Plugin versions up to, and including, 2.2.0
Description
The issue allows authenticated attackers with Subscriber-level access and above to download all comments and metadata for any user, including sensitive information such as username, email, hashed passwords, application passwords, and session token information. This is due to missing capability checks on the dpwap_handle_download_user and dpwap_handle_download_comment functions: the handlers run for any logged-in user and never ask WordPress whether the caller is allowed to export other users' data. Subscriber is the default role for self-registered accounts, so on a site with open registration the precondition is trivially met.

Recommendations
For versions up to, and including, 2.2.0, consider disabling the dpwap_handle_download_user and dpwap_handle_download_comment functions until a patch is available, to prevent unauthorized access to sensitive user data. If the endpoints were reachable by untrusted accounts, treat the exposed material as compromised: reset affected passwords, revoke application passwords, and destroy existing sessions.

Fix
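The advisory carries no vendor patch. The following is an added illustration, written for this page and not taken from the Download Plugin or its author, of the missing capability check described above and of what a hardened handler looks like. Only the two handler names come from the advisory; the AJAX hook names, the nonce action and field names, the `user_id` request parameter, the `_vulnerable`/`_hardened` suffixes and the export format are assumptions made for the example.

```php
<?php
/**
 * Added illustration for CVE-2024-9829. NOT the Download Plugin's source and
 * NOT the vendor's fix. Only dpwap_handle_download_user and
 * dpwap_handle_download_comment are named in the advisory; the hook names,
 * nonce action, request parameters and response shape are assumptions.
 */

// --- Vulnerable shape (as the advisory describes it) -------------------------
// Registered on a wp_ajax_ hook (name assumed), so every logged-in user can
// reach it, and it never checks a capability before reading another account.
function dpwap_handle_download_user_vulnerable() {
    $user_id = isset( $_REQUEST['user_id'] ) ? absint( $_REQUEST['user_id'] ) : 0; // assumed parameter
    $user    = get_user_by( 'id', $user_id );
    if ( ! $user ) {
        wp_send_json_error( 'no such user', 404 );
    }
    // $user->data carries user_pass (the password hash) and user_activation_key;
    // get_user_meta() with no key returns every meta row, including
    // 'session_tokens' and '_application_passwords'. That is the data set the
    // advisory says a Subscriber can pull for any account.
    wp_send_json( array(
        'user' => $user->data,
        'meta' => get_user_meta( $user_id ),
    ) );
}
// was: add_action( 'wp_ajax_dpwap_download_user', 'dpwap_handle_download_user_vulnerable' );

// --- Hardened shape ------------------------------------------------------------
// One gate shared by both export handlers: a nonce bound to the export action
// (CSRF) and a capability check (authorization). 'manage_options' is a
// conservative choice; use the capability that matches the feature's audience.
function dpwap_require_export_access() {
    check_ajax_referer( 'dpwap_download', 'nonce' ); // assumed nonce action / field
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }
}

// Secrets that should not leave the database in an export, even to an admin.
function dpwap_strip_secrets( array $row, array $meta ) {
    unset( $row['user_pass'], $row['user_activation_key'] );
    unset( $meta['session_tokens'], $meta['_application_passwords'] );
    return array( 'user' => $row, 'meta' => $meta );
}

function dpwap_handle_download_user_hardened() {
    dpwap_require_export_access();
    $user_id = isset( $_REQUEST['user_id'] ) ? absint( $_REQUEST['user_id'] ) : 0;
    $user    = get_user_by( 'id', $user_id );
    if ( ! $user ) {
        wp_send_json_error( array( 'message' => 'No such user' ), 404 );
    }
    wp_send_json( dpwap_strip_secrets( (array) $user->data, get_user_meta( $user_id ) ) );
}

function dpwap_handle_download_comment_hardened() {
    dpwap_require_export_access();
    $user_id  = isset( $_REQUEST['user_id'] ) ? absint( $_REQUEST['user_id'] ) : 0;
    $comments = get_comments( array( 'user_id' => $user_id ) ); // WP_Comment_Query arg
    wp_send_json( array( 'comments' => $comments ) );
}

// Hook names are assumptions; the point is that the gate runs before any read.
add_action( 'wp_ajax_dpwap_download_user', 'dpwap_handle_download_user_hardened' );
add_action( 'wp_ajax_dpwap_download_comment', 'dpwap_handle_download_comment_hardened' );
```

The client that calls the hardened endpoint must send a nonce created with `wp_create_nonce( 'dpwap_download' )` in the `nonce` field, otherwise `check_ajax_referer()` terminates the request. A quick check for the vulnerable condition is to log in with a Subscriber account and call the plugin's export action for another user's ID: a 403 from the capability gate is the expected answer; a JSON body containing `user_pass` or `session_tokens` is the advisory's finding.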
Weakness Enumeration
Missing Authorization (CWE-862)

Related Identifiers

Affected Products
Download Plugin