CVE-2024-5570

MEDIUM

Simple Photoswipe < 0.1 - Authenticated Missing Authorization in Settings Update

Title source: llm
STIX 2.1

Description

The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/49b3a8cb-f606-4cf7-80ec-bfdafd74e848/

Scores

CVSS v3 6.5
EPSS 0.0055
EPSS Percentile 41.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
zitscher/simple_photoswipe < 0.1
Published Jun 28, 2024
Tracked Since Feb 18, 2026