- Description
- The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
- Source
- security@wordfence.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-640
- Hype score
- Not currently trending
CVE-2024-11103 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up t..https://t.co/uQvgTR4bf3 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
3 Dec 2024
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11103 The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the p… https://t.co/6Kxa4Lp5AO
@CVEnew
28 Nov 2024
430 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-11103: CRITICAL] WordPress Contest Gallery plugin up to v24.0.7 is at risk as it lacks user validation, enabling account takeover. Take action to secure against cyber threats.#cybersecurity,#vulnerability https://t.co/GKOFu91zRL https://t.co/jjZROYPUg7
@CveFindCom
28 Nov 2024
32 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contest-gallery:contest_gallery:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "8D274065-6C77-40C1-8B6E-2742ED068B1A",
"versionEndExcluding": "24.0.8"
}
],
"operator": "OR"
}
]
}
]