CVE-2024-11271

High CVSS: 8.8

The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to modification of data due to a missing capability check on several functions in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify webinars.

Vendor

Webinarpress

Product

Webinarpress

CWE

CWE-862

Yayın Tarihi

2025-01-08 05:15:09

Güncelleme

2025-01-17 20:49:14

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-862 Webinarpress HIGH Webinarpress 2025

Referanslar

https://plugins.trac.wordpress.org/changeset/3216237/wp-webinarsystem/trunk/includes/class-webinarsysteem-ajax.php https://www.wordfence.com/threat-intel/vulnerabilities/id/88508dbd-b7a0-441d-918b-f4cb7a7cd000?source=cve

Benzer Kayıtlar

Medium

CVE-2025-62972

Missing Authorization vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Exploiting Incorrectly Confi…

Critical

CVE-2025-47635

Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Server Side Req…

Unknown

CVE-2025-32693

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allow…

Medium

CVE-2025-31883

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPWebinarSystem We…

Unknown

CVE-2025-31882

Missing Authorization vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Exploiting Incorrectly Confi…

High

CVE-2024-11270

The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missi…