Vulnerability Description
The WP-Stateless – Google Cloud Storage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the dismiss_notices() function in all versions up to, and including, 3.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to the current time, which may completely take a site offline.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Udx | Wp-Stateless | <= 3.4.0 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&oldPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/9a475017-ef45-4614-bdcThird Party Advisory
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&oldPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/9a475017-ef45-4614-bdcThird Party Advisory
FAQ
What is CVE-2024-1385?
CVE-2024-1385 is a vulnerability with a CVSS score of 7.1 (HIGH). The WP-Stateless – Google Cloud Storage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the dismiss_notices() function in all versions up to, and i...
How severe is CVE-2024-1385?
CVE-2024-1385 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-1385?
Check the references section above for vendor advisories and patch information. Affected products include: Udx Wp-Stateless.