The vulnerability of the update_form() function in the Admin Bar Editor plugin of the WordPress content management system allows a hacker to enable or disable the administrator panel on the website’s external interface.

🗓️ 01 May 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Vulnerability in Admin Bar Editor update_form allows enabling or disabling admin panel due to weak authentication.

Reporter	Title	Published	Views	Family All 12
CNNVD	WordPress plugin Admin Bar Remover 安全漏洞	2 May 202400:00	–	cnnvd
CVE	CVE-2024-1716	2 May 202416:52	–	cve
Cvelist	CVE-2024-1716 Admin Bar Remover <= 1.0.2.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update	2 May 202416:52	–	cvelist
EUVD	EUVD-2024-17450	3 Oct 202520:07	–	euvd
NVD	CVE-2024-1716	2 May 202417:15	–	nvd
Patchstack	WordPress Admin Bar Remover plugin <= 1.0.2.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability	29 Apr 202410:38	–	patchstack
Patchstack	WordPress Admin Bar Editor Plugin <= 1.0.2.2 is vulnerable to Broken Access Control	29 Apr 202400:00	–	patchstack
Positive Technologies	PT-2024-3162 · WordPress · Admin Bar Remover	21 Feb 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-1716	23 May 202508:23	–	redhatcve
Vulnrichment	CVE-2024-1716 Admin Bar Remover <= 1.0.2.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update	2 May 202416:52	–	vulnrichment

Vulners

Node

jewel_theme admin_bar_editorRange≤1.0.2.2

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/admin-bar/admin-bar-remover-1022-missing-authorization-to-authenticated-subscriber-settings-update
vuldb	www.vuldb.com/
web	www.web.nvd.nist.gov/view/vuln/detail

01 May 2024 00:00Current

5.5Medium risk

Vulners AI Score5.5

CVSS 24

CVSS 34.3

EPSS0.00132

admin bar editor wordpress plugin update form vulnerability weak authentication admin panel external interface