WPZOOM Social Icons Widget & Block versions up to 4.2.15 contain a missing authorization vulnerability caused by insufficient access control in the widget and block, letting attackers perform unauthorized actions, exploit requires no special conditions. [已公开] id: CVE-2024-30464 info: name: WPZOOM Social Icons Widget <= 4.2.15 - Missing Authorization author: pussycat0x severity: medium description: | WPZOOM Social Icons Widget & Block versions up to 4.2.15 contain a missing authorization vulnerability caused by insufficient access control in the widget and block, letting attackers perform unauthorized actions, exploit requires no special conditions. impact: | Attackers can perform unauthorized actions, potentially leading to data tampering or privilege escalation. remediation: | Update to version 4.2.16 or later. reference: - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/social-icons-widget-by-wpzoom/social-icons-widget-block-by-wpzoom-4215-missing-authorization classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N cvss-score: 4.3 cve-id: CVE-2024-30464 epss-score: 0.42145 epss-percentile: 0.97402 cwe-id: CWE-862 metadata: verified: tr

WPZOOM Social Icons Widget

POC: 已公开