The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1.
History
Thu, 12 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Thu, 12 Dec 2024 05:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1. | |
Title | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation | |
Weaknesses | CWE-284 | |
References | | |
Metrics | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-12T05:24:21.899Z
Updated: 2024-12-12T14:49:08.445Z
Reserved: 2024-10-18T12:26:22.692Z
Link: CVE-2024-10124
Vulnrichment
Updated: 2024-12-12T14:49:01.311Z
NVD
Status: Received
Published: 2024-12-12T06:15:20.100
Modified: 2024-12-12T06:15:20.100
Link: CVE-2024-10124
Redhat
No data.