CVE-2024-2505 — HIGH (8.1) — White Hats Nepal

Q: How severe is CVE-2024-2505?

CVE-2024-2505 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-2505?

Check the references section above for vendor advisories and patch information. Affected products include: Gamipress Gamipress.

Vulnerability Description

The GamiPress WordPress plugin before 6.8.9's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged users, like Subscribers, despite initial settings prohibiting such access. This vulnerability resembles broken access control, enabling unauthorized users to modify critical GamiPress WordPress plugin before 6.8.9 configurations.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Gamipress	Gamipress	< 6.8.9

References

https://wpscan.com/vulnerability/9b3d6148-ecee-4e59-84a4-3b3e9898473b/ExploitThird Party Advisory
https://wpscan.com/vulnerability/9b3d6148-ecee-4e59-84a4-3b3e9898473b/ExploitThird Party Advisory

FAQ

What is CVE-2024-2505?

CVE-2024-2505 is a vulnerability with a CVSS score of 8.1 (HIGH). The GamiPress WordPress plugin before 6.8.9's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileg...

How severe is CVE-2024-2505?

CVE-2024-2505 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-2505?

Check the references section above for vendor advisories and patch information. Affected products include: Gamipress Gamipress.