Lucene search

[email protected]NVD:CVE-2024-6621

HistoryJul 16, 2024 - 11:15 a.m.

CVE-2024-6621

2024-07-1611:15:10

[email protected]

web.nvd.nist.gov

wordpress

rss aggregator

data modification

authenticated attackers

vulnerability.

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

26.4%

JSON

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘wprss_activate_feed_source’ and ‘wprss_pause_feed_source’ functions in all versions up to, and including, 4.23.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate or pause existing RSS feeds.

Affected configurations

Nvd

Node

rebelcoderss_aggregatorRange<4.23.12wordpress

VendorProductVersionCPE
rebelcoderss_aggregator*cpe:2.3:a:rebelcode:rss_aggregator:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
rebelcode	rss_aggregator	*	cpe:2.3:a:rebelcode:rss_aggregator::::::wordpress::*

References

plugins.trac.wordpress.org/browser/wp-rss-aggregator/trunk/includes/feed-states.php#L12

plugins.trac.wordpress.org/browser/wp-rss-aggregator/trunk/includes/feed-states.php#L28

plugins.trac.wordpress.org/browser/wp-rss-aggregator/trunk/includes/feed-states.php?rev=3118231

www.wordfence.com/threat-intel/vulnerabilities/id/8e37331b-0b75-41ee-b390-532efd674cc1?source=cve

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

26.4%

JSON

Related for NVD:CVE-2024-6621

cvelist1 cve1 vulnrichment1 wordfence1