The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the 'edba_admin_handle' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin settings and log in as any existing user on the site, such as an administrator.
History

Tue, 19 Nov 2024 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Cmorillas1
Cmorillas1 external Database Based Actions
CPEs cpe:2.3:a:cmorillas1:external_database_based_actions:0.1:*:*:*:*:wordpress:*:*
Vendors & Products Cmorillas1
Cmorillas1 external Database Based Actions

Mon, 18 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress external Database Based Actions
CPEs cpe:2.3:a:wordpress:external_database_based_actions:*:*:*:*:*:*:*:*
Vendors & Products Wordpress
Wordpress external Database Based Actions
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 15 Nov 2024 09:45:00 +0000

Type Values Removed Values Added
Description The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the 'edba_admin_handle' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin settings and log in as any existing user on the site, such as an administrator.
Title External Database Based Actions <= 0.1 - Authenticated (Subscriber+) Authentication Bypass
Weaknesses CWE-288
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-11-15T09:29:40.406Z

Updated: 2024-11-18T15:05:31.021Z

Reserved: 2024-10-23T17:44:26.809Z

Link: CVE-2024-10311

cve-icon Vulnrichment

Updated: 2024-11-18T15:05:25.912Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-15T10:15:03.980

Modified: 2024-11-19T17:03:19.177

Link: CVE-2024-10311

cve-icon Redhat

No data.