Lucene search

WpvulndbWPVDB-ID:9E6174C2-5A88-40B7-BD91-CB8E86FD92B3

HistoryMay 01, 2024 - 12:00 a.m.

Barcode Scanner with Inventory & Order Manager < 1.5.4 - Unauthenticated Privilege Escalation

2024-05-0100:00:00

wpscan.com

barcode scanner

inventory manager

point of sale

wordpress

vulnerable

privilege escalation

unauthenticated attackers

administrator

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Description The Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader. plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.3. This is due to the plugin not properly restricting user meta values that can be updated. This makes it possible for unauthenticated attackers to elevate their privileges to an administrator.

CPENameOperatorVersion
eq1.5.4

CPE	Name	Operator	Version
		eq	1.5.4

References

www.wordfence.com/threat-intel/vulnerabilities/id/dffaf909-72f5-466f-8dd0-d46a81402caf

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for WPVDB-ID:9E6174C2-5A88-40B7-BD91-CB8E86FD92B3