CVE-2024-5324

The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/easy-login-woocommerce/trunk/includes/xoo-framework/admin/class-xoo-admin-settings.php#L83	Patch
https://plugins.trac.wordpress.org/changeset/3093994/	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/005a27c6-b9eb-466c-b0c3-ce52c25bb321?source=cve	Third Party Advisory
https://plugins.trac.wordpress.org/browser/easy-login-woocommerce/trunk/includes/xoo-framework/admin/class-xoo-admin-settings.php#L83	Patch
https://plugins.trac.wordpress.org/changeset/3093994/	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/005a27c6-b9eb-466c-b0c3-ce52c25bb321?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:xootix:login\/signup_popup:2.7.1:::::wordpress::
	cpe:2.3:a:xootix:login\/signup_popup:2.7.2:::::wordpress::
	cpe:2.3:a:xootix:otp_login_woocommerce_\&_gravity_forms::::::wordpress::*
	cpe:2.3:a:xootix:side_cart_woocommerce:2.5:::::wordpress::
	cpe:2.3:a:xootix:waitlist_woocommerce::::::wordpress::*

History

No history.

Information

Published : 2024-06-06 02:15

Updated : 2024-11-21 09:47

NVD link : CVE-2024-5324

Mitre link : CVE-2024-5324

CVE.ORG link : CVE-2024-5324

JSON object : View

Products Affected

xootix

side_cart_woocommerce
otp_login_woocommerce_\&_gravity_forms
login\/signup_popup
waitlist_woocommerce

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2024-5324", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-06-06T02:15:54.890", "references": [{"url": "https://plugins.trac.wordpress.org/browser/easy-login-woocommerce/trunk/includes/xoo-framework/admin/class-xoo-admin-settings.php#L83", "tags": ["Patch"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset/3093994/", "tags": ["Patch"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/005a27c6-b9eb-466c-b0c3-ce52c25bb321?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/easy-login-woocommerce/trunk/includes/xoo-framework/admin/class-xoo-admin-settings.php#L83", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://plugins.trac.wordpress.org/changeset/3093994/", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/005a27c6-b9eb-466c-b0c3-ce52c25bb321?source=cve", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator."}, {"lang": "es", "value": "El complemento Login/Signup Popup (Inline Form + Woocommerce) para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'import_settings' en las versiones 2.7.1 a 2.7.2. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, cambien opciones arbitrarias en los sitios afectados. Esto se puede utilizar para habilitar el registro de nuevos usuarios y establecer la funci\u00f3n predeterminada para los nuevos usuarios en Administrador."}], "lastModified": "2024-11-21T09:47:25.537", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xootix:login\\/signup_popup:2.7.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "463688D0-AC8A-428E-8073-4BFBB480242E"}, {"criteria": "cpe:2.3:a:xootix:login\\/signup_popup:2.7.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "4FF28D92-2AA6-4CB1-BC92-9A9E849A111A"}, {"criteria": "cpe:2.3:a:xootix:otp_login_woocommerce_\\&_gravity_forms:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "67F08207-88C3-4853-A9D7-276CFFCFA841", "versionEndExcluding": "2.6.2"}, {"criteria": "cpe:2.3:a:xootix:side_cart_woocommerce:2.5:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "0040784F-7863-41D5-84DA-04A2DBA96D72"}, {"criteria": "cpe:2.3:a:xootix:waitlist_woocommerce:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A719E0CB-3CD0-42EF-BCB3-73C6B2C6396B", "versionEndExcluding": "2.6.1"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}