CVE-2024-9860

CVSS V2 None CVSS V3 None

Description

The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'import_action' and 'install_plugin_per_demo' functions in versions up to, and including, 3.3. This makes it possible for authenticated attackers with subscriber-level permissions or above, to delete or change plugin settings, import demo data, and install limited plugins.

Overview

CVE ID
CVE-2024-9860

Assigner
Wordfence

Vulnerability Status
PUBLISHED

Published Version
2024-10-12T02:05:43.175Z

Last Modified Date
2024-10-12T02:05:43.175Z

Weakness Enumerations

CWE	URL
CWE-862	http://cwe.mitre.org/data/definitions/862.html

References

Reference URL	Reference Tags
https://www.wordfence.com/threat-intel/vulnerabilities/id/968d5d31-2592-4bed-9d18-5877f0d6062e?source=cve
https://themeforest.net/item/bridge-creative-multipurpose-wordpress-theme/7315054

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-9860
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9860

History

Created	Old Value	New Value	Data Type	Notes
2024-10-12 13:37:28				Added to TrackCVE