- Description
- Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice allows Authentication Bypass.This issue affects Woffice: from n/a through 5.4.14.
- Source
- audit@patchstack.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- audit@patchstack.com
- CWE-288
- Hype score
- Not currently trending
CVE-2024-43234 Authentication Bypass Using an Alternate Path or Channel vulnerability in Envato Security Team Woffice allows Authentication Bypass.This issue affects Woffice: from n… https://t.co/auAGTrTq4b
@CVEnew
16 Dec 2024
298 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
15,000サイト以上が使用するWordPressのテーマWofficeに重大(Critical)な脆弱性2件。Patchstack社報告。双方CVSSスコア9.8で、未認証ユーザからサイト管理者への権限昇格CVE-2024-43153と無認証での任意アカウント乗っ取りCVE-2024-43234。公式側では修正済み。 https://t.co/J9wED802I4
@__kokumoto
15 Dec 2024
711 Impressions
2 Retweets
5 Likes
1 Bookmark
0 Replies
0 Quotes