CRITICAL · CVE-2024-43121 · CVSS 9.1

WordPress HUSKY plugin <= 1.3.6.1 - Privilege Escalation vulnerability

Platform: wordpress

Component: woocommerce-products-filter

Fixed in: 1.3.7

AI Confidence: high · NVD · EPSS 0.4% · Reviewed: May 2026

CVE-2024-43121 describes a Privilege Escalation vulnerability within the HUSKY WordPress plugin. This flaw allows attackers to bypass intended access controls and gain elevated privileges on a WordPress installation. Versions of HUSKY prior to 1.3.7 are affected, and a patch has been released to address the issue. Prompt action is recommended to mitigate potential risks.

Impact and Attack Scenarios

Successful exploitation of CVE-2024-43121 allows an attacker to escalate their privileges within the WordPress environment. This could involve gaining administrator access, enabling them to modify site content, install malicious plugins, steal sensitive data (user credentials, database information), or even completely compromise the server. The impact is particularly severe because WordPress is frequently used to host business-critical applications and sensitive data, making it a high-value target for attackers. A successful attack could lead to data breaches, website defacement, and significant reputational damage.

Exploitation Context

CVE-2024-43121 was publicly disclosed on August 13, 2024. The vulnerability's criticality (CVSS 9.1) suggests a high probability of exploitation. As of this writing, there are no publicly available proof-of-concept exploits, but the severity and ease of privilege escalation often make these vulnerabilities attractive targets for attackers. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.

Who Is at Risk

WordPress websites utilizing the HUSKY plugin, particularly those running versions prior to 1.3.7, are at risk. Shared hosting environments where multiple websites share the same server are especially vulnerable, as a compromise of one site could potentially lead to the compromise of others. Websites with weak user access controls or those that have not been regularly updated are also at increased risk.

Detection Steps

• wordpress / composer / npm:

wp plugin list --fields=name,status,version | grep woocommerce-products-filter

• wordpress / composer / npm:

wp plugin update woocommerce-products-filter

• wordpress / composer / npm:

wp plugin status woocommerce-products-filter

• generic web: Check WordPress access logs for unusual user activity or attempts to access administrative functions from unauthorized IP addresses.
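The version check behind these steps, as an added example (not code from this page or from the plugin's authors): it reads wp-cli's CSV inventory and flags any HUSKY build below the fixed release, comparing versions component by component so that 1.3.6.1 sorts below 1.3.7. The function names and the sample inventory are constructed for illustration; the slug and fixed version are the ones listed on this page.

```shell
#!/bin/sh
SLUG="woocommerce-products-filter"   # component slug as listed on this page
FIXED="1.3.7"                        # first fixed version per this page

# version_lt A B: succeed when dotted version A is lower than B.
# Components are compared numerically, so 1.3.6.1 < 1.3.7 < 1.3.10.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0
            q = (i <= nb) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1
    }' </dev/null
}

# audit_csv: reads the output of
#   wp plugin list --fields=name,status,version --format=csv
# on stdin and prints one verdict line for the HUSKY row.
audit_csv() {
    found=0
    while IFS=, read -r name status version; do
        [ "$name" = "$SLUG" ] || continue
        found=1
        if version_lt "$version" "$FIXED"; then
            echo "VULNERABLE $name $version ($status)"
        else
            echo "PATCHED $name $version ($status)"
        fi
    done
    [ "$found" -eq 1 ] || echo "NOT_INSTALLED $SLUG"
}

# Constructed sample inventory (not real site output).
sample_inventory() {
    printf '%s\n' 'name,status,version' \
        'akismet,active,5.3' \
        'woocommerce-products-filter,inactive,1.3.6.1'
}

sample_inventory | audit_csv
```

On a live site, pipe the real inventory into `audit_csv` in place of the sample; the status column is reported so that inactive copies of the plugin are not overlooked.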

Attack Timeline

  1. Disclosure

Threat Analysis

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: High

EPSS

0.36% (58th percentile)

CISA SSVC

Exploitation: none
Automatable: no
Technical Impact: total

CVSS Vector

CVSS 3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H, base score 9.1 (CRITICAL)

• Attack Vector: Network (how the attacker reaches the target)
• Attack Complexity: Low (conditions for successful exploitation)
• Privileges Required: High (required level of authentication)
• User Interaction: None (whether a victim must perform an action)
• Scope: Changed (impact beyond the component)
• Confidentiality: High (risk of disclosure of sensitive data)
• Integrity: High (risk of unauthorized data modification)
• Availability: High (risk of service disruption)

What do these metrics mean?

• Attack Vector: Network. Remotely exploitable over the Internet; no physical or local access required.
• Attack Complexity: Low. No special conditions required; reliably exploitable.
• Privileges Required: High. An administrator or privileged account is required.
• User Interaction: None. The attack is automatic and silent; the victim does nothing.
• Scope: Changed. The attack can spread beyond the vulnerable component to other systems.
• Confidentiality: High. Complete loss of confidentiality; the attacker can read all data.
• Integrity: High. The attacker can write, modify, or delete arbitrary data.
• Availability: High. Complete crash or resource exhaustion; total denial of service.

Affected Software

Component: woocommerce-products-filter
Vendor: realmag777
Affected range: 0.0.0 – 1.3.6.1
Fixed in: 1.3.7

Package Information

Active installations: 90K (known)
Plugin rating: 4.6
Requires WordPress: 6.0+
Compatible up to: 7.0
Requires PHP: 7.4+

Timeline

  1. Reserved
  2. Published
  3. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2024-43121 is to immediately upgrade the HUSKY WordPress plugin to version 1.3.7 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing temporary workarounds. These might include restricting user roles and permissions to limit the potential impact of a successful exploit. Monitor WordPress access logs for suspicious activity, particularly attempts to access restricted areas of the site. After upgrading, verify the fix by attempting to perform actions that would previously have been restricted based on user roles; confirm that access is now properly controlled.

How to Fix

Update the HUSKY plugin to the latest available version. The privilege escalation vulnerability has been fixed in versions after 1.3.6.1. See the plugin changelog for more details on the fix.

Frequently Asked Questions

What is CVE-2024-43121 — Privilege Escalation in HUSKY WordPress Plugin?

CVE-2024-43121 is a critical vulnerability in the HUSKY WordPress plugin that allows attackers to gain elevated privileges, potentially compromising the entire site. It affects versions up to 1.3.6.1.

Am I affected by CVE-2024-43121 in HUSKY WordPress Plugin?

Yes, if you are using the HUSKY WordPress plugin and have not upgraded to version 1.3.7 or later, you are vulnerable to this privilege escalation attack.

How do I fix CVE-2024-43121 in HUSKY WordPress Plugin?

The recommended fix is to immediately update the HUSKY WordPress plugin to version 1.3.7 or a later version. If upgrading is not possible, implement temporary access restrictions.

Is CVE-2024-43121 being actively exploited?

While there are no publicly known exploits currently, the high severity of the vulnerability suggests a high probability of exploitation. Continuous monitoring is advised.

Where can I find the official HUSKY advisory for CVE-2024-43121?

Refer to the official HUSKY plugin documentation and WordPress security announcements for the latest advisory and updates regarding CVE-2024-43121.
