- Description
- The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function in all versions up to, and including, 2.0.02. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
- Source
- security@wordfence.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-862
- Hype score
- Not currently trending
CVE-2024-12155 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege e..https://t.co/QQ1gLpR44o #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
11 Dec 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-12155: CRITICAL] SV100 Companion plugin for WordPress has a cyber security vulnerability that allows unauthenticated attackers to update arbitrary options and potentially gain administrative access to v...#cybersecurity,#vulnerability https://t.co/bbSN9ZBn14 https://t.c
@CveFindCom
6 Dec 2024
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-12155 The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on… https://t.co/yyk4EzuPeX
@CVEnew
6 Dec 2024
257 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes