Critical Flaw In WordPress Plugins Poses Risk Of Site Takeover

Summary: A critical security vulnerability, identified as CVE-2024-2172 in WordPress, urges users utilizing miniOranges Malware Scanner and Web Application Firewall plugins to uninstall these plugins from their websites. This vulnerability enables unauthorized attackers to gain administrative...

WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw

WordPress users of miniOrange's Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following the discovery of a critical security flaw. The flaw, tracked as CVE-2024-2172, is rated 9.8 out of a maximum of 10 on the CVSS scoring system and...

CVE-2024-2172

The Malware Scanner plugin and the Web Application Firewall plugin for WordPress both by MiniOrange are vulnerable to privilege escalation due to a missing capability check on the mowpnsinit function in all versions up to, and including, 4.7.2 for Malware Scanner and 2.1.1 for Web Application...

CVE-2024-2172 Malware Scanner <= 4.7.2 and Web Application Firewall <= 2.1.1 - Unauthenticated Privilege Escalation

The Malware Scanner plugin and the Web Application Firewall plugin for WordPress both by MiniOrange are vulnerable to privilege escalation due to a missing capability check on the mowpnsinit function in all versions up to, and including, 4.7.2 for Malware Scanner and 2.1.1 for Web Application...

CVE-2024-2172

CVE-2024-2172 affects MiniOrange WordPress plugins: Malware Scanner (up to 4.7.2) and Web Application Firewall (up to 2.1.1). Root cause is a missing capability check in mo_wpns_init(), enabling unauthenticated privilege escalation to administrator. Documented impact: sites can be compromised by ...

CVE-2024-2172 Malware Scanner <= 4.7.2 and Web Application Firewall <= 2.1.1 - Unauthenticated Privilege Escalation

The Malware Scanner plugin and the Web Application Firewall plugin for WordPress both by MiniOrange are vulnerable to privilege escalation due to a missing capability check on the mowpnsinit function in all versions up to, and including, 4.7.2 for Malware Scanner and 2.1.1 for Web Application...

WordPress Malware Scanner Plugin <= 4.7.2 is vulnerable to Privilege Escalation

Software Malware Scanner Type Plugin Vulnerable versions = 4.7.2 Fixed in 4.7.3 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-2172 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID e270f8310961 Credits Stiofan Required privilege...

WordPress Web Application Firewall – website security Plugin <= 2.1.1 is vulnerable to Privilege Escalation

Software Web Application Firewall – website security Type Plugin Vulnerable versions = 2.1.1 Fixed in 2.1.2 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-2172 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 079a85617a7b Credits...