← voltar
CVE-2024-1324

QQWorld Auto Save Images <= 1.9.8 - Missing Authorization to Arbitrary Post Content Retrieval

CVSS 5.3 MEDIUMEPSS 0.3%CWE-862
The QQWorld Auto Save Images plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the save_remote_images_get_auto_saved_results() function hooked via a norpriv AJAX in all versions up to, and including, 1.9.8. This makes it possible for unauthenticated attackers to retrieve the contents of arbitrary posts that may not be public.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Produtos afetados
qqworld · QQWorld Auto Save Images

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://plugins.trac.wordpress.org/browser/qqworld-auto-save-images/trunk/qqworld-auto-save-images.php#L417https://www.wordfence.com/threat-intel/vulnerabilities/id/ed82f527-b7af-4466-a977-855f109ed997?source=cve