Lucene search
Cyc707WPEX-ID:9B3D6148-ECEE-4E59-84A4-3B3E9898473BHistoryApr 08, 2024 - 12:00 a.m.
GamiPress < 6.8.9 - Broken Access Control
2024-04-0800:00:00
cyc707
25
gamipress
broken access control
poc
april 22 2024
exploit
Description The plugin’s access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged users, like Subscribers, despite initial settings prohibiting such access. This vulnerability resembles broken access control, enabling unauthorized users to modify critical plugin configurations.
- Inferred parameter values
Administrator > manage_options
Editor > delete_others_posts
Author > publish_posts
Contributor > edit_posts
Subscriber > readRelated
nvd
nvd
CVE-2024-2505
2024-04-29 06:15:07
vulnrichment
vulnrichment
CVE-2024-2505 GamiPress < 6.8.9 - Broken Access Control
2024-04-29 06:00:01
cve
cve
CVE-2024-2505
2024-04-29 06:15:07
cvelist
cvelist
CVE-2024-2505 GamiPress < 6.8.9 - Broken Access Control
2024-04-29 06:00:01
wpvulndb
wpvulndb
GamiPress < 6.8.9 - Broken Access Control
2024-04-08 00:00:00
wordfence
wordfence
6.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Related for WPEX-ID:9B3D6148-ECEE-4E59-84A4-3B3E9898473B