The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the get_post_status() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to vote on unpublished scheduled posts.
Metrics
Affected Vendors & Products
References
History
Mon, 16 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 13 Dec 2024 08:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the get_post_status() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to vote on unpublished scheduled posts. | |
Title | Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts | |
Weaknesses | CWE-639 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-13T08:24:51.699Z
Updated: 2024-12-16T16:41:21.316Z
Reserved: 2024-12-06T15:16:29.232Z
Link: CVE-2024-12309
Vulnrichment
Updated: 2024-12-16T15:59:34.389Z
NVD
Status : Received
Published: 2024-12-13T09:15:07.810
Modified: 2024-12-13T09:15:07.810
Link: CVE-2024-12309
Redhat
No data.