cvelist | Patchstack | CVELIST:CVE-2024-25092
Jun 09, 2024 - 10:28 a.m.

CVE-2024-25092 WordPress NextMove Lite plugin <= 2.17.0 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability

2024-06-09 10:28:39
CWE-862
Patchstack
www.cve.org
8
cve-2024-25092
wordpress
nextmove lite
vulnerability
subscriber+
arbitrary plugin installation
missing authorization

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0
Percentile: 9.0%

Missing Authorization vulnerability in XLPlugins NextMove Lite. This issue affects NextMove Lite: from n/a through 2.17.0.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "woo-thank-you-page-nextmove-lite",
    "product": "NextMove Lite",
    "vendor": "XLPlugins",
    "versions": [
      {
        "changes": [
          {
            "at": "2.18.0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.17.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]
