Overview
- Description: The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handle_api_key_actions function in all versions up to, and including, 5.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to revoke existing API keys and generate new ones.
- Source: security@wordfence.com
- NVD status: Awaiting Analysis
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 4.3
- Impact score: 1.4
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- Severity: MEDIUM
Weaknesses
- security@wordfence.com: CWE-862
Social media
- Hype score: Not currently trending
🚨 CVE-2024-10092 (Published: 2024-10-26) - A high-severity vulnerability in WordPress Download Monitor plugin (versions prior to 5.0.12) has been identified. Users are urged to update to the latest version to mitigate risks. For more details, check the code here:… https://t.co/g
@transilienceai
27 Oct 2024
🚨 CVE-2024-10092 (Published: 2024-10-26) - A high-severity vulnerability in WordPress Download Monitor plugin versions prior to 5.0.12. Exploitation could lead to unauthorized access. 🔒 Remediation: Update to the latest version (5.0.12) to secure your site! More info: [link]… h
@transilienceai
27 Oct 2024
CVE-2024-10092 The Download Monitor plugin for WordPress is vulnerable to unauth... https://t.co/vCg5GC1UNV Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x
@VulmonFeeds
26 Oct 2024
CVE-2024-10092 The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handle_api_key_actions func… https://t.co/VL09wdWlzF
@CVEnew
26 Oct 2024