CVE-2024-8277

The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. This is due to the plugin not properly validating what user transient is being used in the login() function and not properly verifying the user's identity. This makes it possible for unauthenticated attackers to log in as user that has dismissed an admin notice in the past 30 days, which is often an administrator. Alternatively, a user can log in as any user with any transient that has a valid user_id as the value, though it would be more difficult to exploit this successfully.
Configurations

Configuration 1 (hide)

cpe:2.3:a:villatheme:woocommerce_photo_reviews:*:*:*:*:*:wordpress:*:*

History

26 Sep 2024, 14:39

Type Values Removed Values Added
CWE CWE-306
CPE cpe:2.3:a:villatheme:woocommerce_photo_reviews:*:*:*:*:*:wordpress:*:*
First Time Villatheme woocommerce Photo Reviews
Villatheme
References () https://codecanyon.net/item/woocommerce-photo-reviews/21245349 - () https://codecanyon.net/item/woocommerce-photo-reviews/21245349 - Product
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/a1e2d370-a716-4d6b-8e23-74db2fbd0760?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/a1e2d370-a716-4d6b-8e23-74db2fbd0760?source=cve - Third Party Advisory

11 Sep 2024, 16:26

Type Values Removed Values Added
Summary
  • (es) El complemento WooCommerce Photo Reviews Premium para WordPress es vulnerable a la omisión de autenticación en todas las versiones hasta la 1.3.13.2 incluida. Esto se debe a que el complemento no valida correctamente qué usuario transitorio se está utilizando en la función login() y no verifica correctamente la identidad del usuario. Esto hace posible que atacantes no autenticados inicien sesión como un usuario que ha rechazado un aviso de administrador en los últimos 30 días, que a menudo es un administrador. Alternativamente, un usuario puede iniciar sesión como cualquier usuario con cualquier transient que tenga un user_id válido como valor, aunque sería más difícil explotar esto con éxito.

11 Sep 2024, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-11 09:15

Updated : 2024-09-26 14:39


NVD link : CVE-2024-8277

Mitre link : CVE-2024-8277

CVE.ORG link : CVE-2024-8277


JSON object : View

Products Affected

villatheme

  • woocommerce_photo_reviews
CWE
CWE-306

Missing Authentication for Critical Function

CWE-288

Authentication Bypass Using an Alternate Path or Channel