Lucene search

CVE-2024-25092

🗓️ 09 Jun 2024 11:49:15Reported by PatchstackType

cve🔗 web.nvd.nist.gov👁 54 Views🌐 WEB

CVE-2024-25092 reserved for future security problem disclosure

Reporter	Title	Published	Views	Family All 11
WPVulnDB	NextMove Lite < 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation	12 Feb 202400:00	–	wpvulndb
RedhatCVE	CVE-2024-25092	5 Feb 202513:02	–	redhatcve
NVD	CVE-2024-25092	9 Jun 202411:15	–	nvd
Packet Storm	WordPress NextMove Lite 2.17.0 Missing Authorization	13 Mar 202500:00	–	packetstorm
Patchstack	WordPress NextMove Lite Plugin <= 2.17.0 is vulnerable to Remote Code Execution (RCE)	9 Feb 202400:00	–	patchstack
GithubExploit	Exploit for Missing Authorization in Xlplugins Nextmove	14 Feb 202411:30	–	githubexploit
GithubExploit	Exploit for Missing Authorization in Xlplugins Nextmove	13 Mar 202511:27	–	githubexploit
Vulnrichment	CVE-2024-25092 WordPress NextMove Lite plugin <= 2.17.0 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability	9 Jun 202410:28	–	vulnrichment
Cvelist	CVE-2024-25092 WordPress NextMove Lite plugin <= 2.17.0 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability	9 Jun 202410:28	–	cvelist
0day.today	WordPress NextMove Lite 2.17.0 Missing Authorization Exploit	13 Mar 202500:00	–	zdt

Nvd

Vulners

Vulnrichment

Node

xlplugins nextmoveRange<2.18.0litewordpress

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "woo-thank-you-page-nextmove-lite",
    "product": "NextMove Lite",
    "vendor": "XLPlugins",
    "versions": [
      {
        "changes": [
          {
            "at": "2.18.0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.17.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/vulnerability/woo-thank-you-page-nextmove-lite/wordpress-nextmove-lite-plugin-2-17-0-subscriber-arbitrary-plugin-installation-activation-vulnerability

Parameter	Position	Path	Description	CWE
url	request body	/wp-json/xl_addon_installation	Unauthorized modification of data due to a missing capability check allows authenticated attackers to install arbitrary plugins.	CWE-862
username	request body	/wp-json/xl_addon_installation	Unauthorized modification of data due to a missing capability check allows authenticated attackers to install arbitrary plugins.	CWE-862
password	request body	/wp-json/xl_addon_installation	Unauthorized modification of data due to a missing capability check allows authenticated attackers to install arbitrary plugins.	CWE-862
slug	request body	/wp-json/xl_addon_installation	Unauthorized modification of data due to a missing capability check allows authenticated attackers to install arbitrary plugins.	CWE-862
php	request body	/wp-json/xl_addon_installation	Unauthorized modification of data due to a missing capability check allows authenticated attackers to install arbitrary plugins.	CWE-862

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

09 Jun 2024 11:15Current

8.7High risk

Vulners AI Score8.7

CVSS38.8

EPSS0.0005

SSVC

CWE-862