CVE-2024-1177

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Feb 5, 2024

Updated: Feb 13, 2024

CWE ID 862

Summary

CVE-2024-1177 is a vulnerability affecting the WP Club Manager plugin for WordPress. The issue lies in the settings_save() function, which lacks sufficient capability checks. As a result, unauthenticated attackers can manipulate the plugin's settings, specifically the permalink structure for clubs. This weakness allows them to modify data unauthorizedly, posing a security risk to WordPress sites using the plugin version 2.2.10 or lower.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uXlBqR
https://www.cve.org/CVERecord?id=CVE-2024-1177
https://nvd.nist.gov/vuln/detail/CVE-2024-1177

Back to Vulnerability Database

CVE-2024-1177

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations