Overview
- Description: The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the import_settings() function in all versions up to, and including, 3.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
- Source: security@wordfence.com
- NVD status: Awaiting Analysis
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Weaknesses
- security@wordfence.com: CWE-862
Social media
- Hype score: Not currently trending
CVE-2024-10589 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can l..https://t.co/wwh9fgUJ93 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
14 Nov 2024
🚨 CVE-2024-10589 (Published: 2024-11-09) - High severity vulnerability in Nouthemes Leopard WordPress Offload Media. Affects specific versions. 🛡️ Remediation: Update to the latest version immediately to secure your site. More info: https://t.co/3ZGxlybizu #WordPress #Security
@transilienceai
13 Nov 2024
[CVE-2024-10589: CRITICAL] Vulnerability alert: Leopard - WordPress Offload Media plugin allows attackers to escalate privileges via data modification. Secure your site now! #cybersecurity #cybersecurity, #vulnerability https://t.co/lASdE9Ww6N https://t.co/udmtoeerhj
@CveFindCom
9 Nov 2024
CVE-2024-10589 The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing c… https://t.co/skNlhJiUgX
@CVEnew
9 Nov 2024