CVE-2024-9262

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-9262

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

T

he User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.1 via the getUser() due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to obtain user meta values from form fields. Please note that this requires a site administrator to create a form that displays potentially sensitive information like password hashes. This may also be exploited by unauthenticated users if the 'user-meta-public-profile' shortcode is used insecurely.

References
Link Resource
https://plugins.trac.wordpress.org/browser/user-meta/trunk/models/classes/generate/PublicProfile.php#L28
https://www.wordfence.com/threat-intel/vulnerabilities/id/4ed81348-7604-4858-bc8e-b4504d77ee45?source=cve
Configurations

No configuration.

History

12 Nov 2024, 13:56

Type Values Removed Values Added
Summary
  • (es) El complemento User Meta – User Profile Builder y User management para WordPress es vulnerable a la referencia directa a objetos inseguros en todas las versiones hasta la 3.1 incluida a través de getUser() debido a la falta de validación en una clave controlada por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, obtengan valores meta de usuario de los campos de formulario. Tenga en cuenta que esto requiere que un administrador del sitio cree un formulario que muestre información potencialmente confidencial, como hashes de contraseñas. Esto también puede ser explotado por usuarios no autenticados si el código corto 'user-meta-public-profile' se usa de forma insegura.

09 Nov 2024, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-09 03:15

Updated : 2024-11-12 13:56

NVD link : CVE-2024-9262

Mitre link : CVE-2024-9262

CVE.ORG link : CVE-2024-9262

JSON object : View

Products Affected

No product.

CWE
CWE-639

Authorization Bypass Through User-Controlled Key