CVE-2024-8853

The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on the 'doSsoAuthentification' function. This makes it possible for unauthenticated attackers to make themselves administrators by registering with a username that contains '-wfuser'.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/webo-facto-connector/tags/1.40/WeboFacto/Sso.php#L78	Product
https://plugins.trac.wordpress.org/changeset/3153062/webo-facto-connector	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/c1280ceb-9ce8-47fc-8fd3-6af80015dea9?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:medialibs:webo-facto:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2024-09-20 08:15

Updated : 2024-09-25 17:49

NVD link : CVE-2024-8853

Mitre link : CVE-2024-8853

CVE.ORG link : CVE-2024-8853

JSON object : View

Products Affected

medialibs

webo-facto

CWE

CWE-269

Improper Privilege Management

NVD-CWE-noinfo

{"id": "CVE-2024-8853", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-09-20T08:15:11.493", "references": [{"url": "https://plugins.trac.wordpress.org/browser/webo-facto-connector/tags/1.40/WeboFacto/Sso.php#L78", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset/3153062/webo-facto-connector", "tags": ["Patch"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c1280ceb-9ce8-47fc-8fd3-6af80015dea9?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-269"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on the 'doSsoAuthentification' function. This makes it possible for unauthenticated attackers to make themselves administrators by registering with a username that contains '-wfuser'."}, {"lang": "es", "value": "El complemento Webo-facto para WordPress es vulnerable a la escalada de privilegios en versiones hasta la 1.40 incluida debido a una restricci\u00f3n insuficiente en la funci\u00f3n 'doSsoAuthentification'. Esto hace posible que atacantes no autenticados se conviertan en administradores registr\u00e1ndose con un nombre de usuario que contenga '-wfuser'."}], "lastModified": "2024-09-25T17:49:25.653", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:medialibs:webo-facto:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "950849A5-AADE-4DB0-98D0-27F7001051BA", "versionEndExcluding": "1.41"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}