Platform
wordpress
Component
wholesalex
Fixed in
1.3.3
CVE-2024-30542 describes an Improper Privilege Management vulnerability within WholesaleX, enabling Privilege Escalation. This allows attackers to bypass intended access controls and potentially gain administrative access. The vulnerability affects WholesaleX versions up to 1.3.2. A patch is available in version 1.3.3.
Successful exploitation of CVE-2024-30542 allows an attacker to escalate their privileges within the WholesaleX WordPress plugin. This could lead to complete control over the WordPress site, including the ability to modify content, install malicious plugins, steal sensitive data (customer information, order details, payment information), and potentially pivot to other systems on the network. The impact is particularly severe as it could allow an attacker to compromise the entire WordPress installation and potentially gain access to backend systems.
CVE-2024-30542 was publicly disclosed on 2024-05-17. As of this writing, there are no publicly available proof-of-concept exploits. The CVSS score of 9.8 indicates a critical severity, suggesting a high likelihood of exploitation if a suitable exploit is developed and released. The vulnerability is not currently listed on the CISA KEV catalog.
Websites utilizing WholesaleX plugin versions 1.3.2 and earlier are at significant risk. Shared hosting environments are particularly vulnerable, as a compromise of one site could potentially lead to the compromise of others on the same server. WordPress sites with default or weak user permissions are also at increased risk.
• wordpress / composer / npm: wp plugin list | grep -i wholesalex
• wordpress / composer / npm: wp plugin update wholesalex
• generic web: Check the WholesaleX plugin version in the WordPress admin dashboard under Plugins. If the version is less than 1.3.3, the system is vulnerable.
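The version check above is easy to get wrong with a plain string comparison (for example "1.10.0" sorts before "1.3.3" lexically). The following script, added here as an example and not part of the advisory, compares the installed WholesaleX version field by field against the fixed version 1.3.3 and, when WP-CLI is available, reads the installed version with the real `wp plugin get wholesalex --field=version` command. The plugin slug `wholesalex` is taken from the component name on this page; ignoring pre-release suffixes is an assumption of the example.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether an installed WholesaleX
# version falls in the affected range (<= 1.3.2) by comparing it numerically
# against the fixed version, 1.3.3. A plain string comparison would get
# "1.10.0" < "1.3.3" wrong, so versions are compared field by field.

# vercmp A B: prints -1, 0 or 1 as A is lower than, equal to or higher than B.
# Pre-release suffixes such as "-beta" are ignored (assumption for this example).
vercmp() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai="${a%%.*}"; bi="${b%%.*}"                            # leading field of each
    if [ "$a" = "$ai" ]; then a=""; else a="${a#*.}"; fi    # drop the field just read
    if [ "$b" = "$bi" ]; then b=""; else b="${b#*.}"; fi
    ai="${ai%%[!0-9]*}"; bi="${bi%%[!0-9]*}"                # keep digits only
    ai="${ai:-0}"; bi="${bi:-0}"                            # a missing field counts as 0
    if [ "$ai" -lt "$bi" ]; then printf '%s\n' -1; return 0; fi
    if [ "$ai" -gt "$bi" ]; then printf '%s\n' 1; return 0; fi
  done
  printf '%s\n' 0
}

# wholesalex_status VERSION [FIXED]: prints "vulnerable" if VERSION is below
# the fixed version (default 1.3.3, taken from the advisory), else "patched".
wholesalex_status() {
  fixed="${2:-1.3.3}"
  if [ "$(vercmp "$1" "$fixed")" -lt 0 ]; then
    echo vulnerable
  else
    echo patched
  fi
}

# On a live site, read the installed version with WP-CLI (real command; the
# slug "wholesalex" is the component name from the advisory). Skipped when
# wp is not on PATH so the script still runs stand-alone.
if command -v wp >/dev/null 2>&1; then
  installed="$(wp plugin get wholesalex --field=version 2>/dev/null || true)"
  if [ -n "$installed" ]; then
    echo "wholesalex $installed: $(wholesalex_status "$installed")"
  else
    echo "wholesalex is not installed (or wp could not read it)"
  fi
fi
```

Run it from the WordPress root as the web user (or with `--path=` added to the `wp` call); the `vercmp` helper can be reused for any other plugin advisory that names a fixed version.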
disclosure
Exploit status
EPSS
0.68% (72nd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-30542 is to immediately upgrade WholesaleX to version 1.3.3 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing stricter user access controls within WordPress to limit the potential impact of a successful exploit. While not a complete solution, restricting user permissions can reduce the attacker's ability to escalate privileges. After upgrading, confirm the fix by attempting to execute actions requiring elevated privileges with a standard user account; these actions should be denied.
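Besides re-testing that a standard account is denied privileged actions, a practical post-upgrade check is to confirm that no account gained the administrator role while the site was exposed. The script below is an added example, not part of the advisory or of WholesaleX: it diffs the current administrator logins against a baseline saved earlier. The `wp user list` invocation is a real WP-CLI command; the file names `admins.baseline` and `admins.now` and the sample logins are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the advisory): after upgrading, compare the current
# set of WordPress administrator logins against a baseline saved earlier.
# Accounts that hold the administrator role without being in the baseline are
# what a privilege-escalation flaw would leave behind and should be reviewed.
# File names below are assumptions; the wp commands are real WP-CLI commands.

# unexpected_admins BASELINE CURRENT: prints logins present in CURRENT (one
# per line) that are absent from BASELINE. Both files are sorted into a
# temporary directory first because comm(1) requires sorted input.
unexpected_admins() {
  tmpdir="$(mktemp -d)"
  sort -u "$1" > "$tmpdir/baseline"
  sort -u "$2" > "$tmpdir/current"
  comm -13 "$tmpdir/baseline" "$tmpdir/current"
  rm -rf "$tmpdir"
}

# Live usage (only when WP-CLI is available): snapshot the current
# administrators and diff them against a baseline saved before the upgrade.
#   wp user list --role=administrator --field=user_login > admins.baseline
#   wp user list --role=administrator --field=user_login > admins.now
#   unexpected_admins admins.baseline admins.now
if command -v wp >/dev/null 2>&1 && [ -f admins.baseline ]; then
  wp user list --role=administrator --field=user_login > admins.now
  unexpected_admins admins.baseline admins.now
fi

# Constructed sample data so the script also demonstrates the check offline.
demo="$(mktemp -d)"
printf 'admin\nopsuser\n' > "$demo/baseline"
printf 'admin\nopsuser\nshopmgr\n' > "$demo/current"
echo "Administrators not in baseline:"
unexpected_admins "$demo/baseline" "$demo/current"   # prints: shopmgr
rm -rf "$demo"
```

Any login the script reports should be tied to a known change; if it cannot be, treat it as a possible indicator that the flaw was exploited before the upgrade and widen the investigation accordingly (review `wp user list --role=administrator --fields=ID,user_login,user_registered` for registration times that fall in the exposure window).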
Update the WholesaleX plugin to the latest available version. The privilege escalation vulnerability has been fixed in versions later than 1.3.2. Consult the plugin documentation for instructions on how to update.
CVE-2024-30542 is a critical vulnerability in WholesaleX allowing attackers to gain elevated privileges within a WordPress site, potentially leading to full control. It affects versions up to 1.3.2.
Yes, if you are using WholesaleX version 1.3.2 or earlier, you are vulnerable to this Privilege Escalation exploit.
Upgrade WholesaleX to version 1.3.3 or later to resolve this vulnerability. If immediate upgrade is not possible, implement stricter user access controls.
As of now, there are no publicly known active exploits, but the high CVSS score indicates a potential for future exploitation.
Refer to the WholesaleX official website or WordPress plugin repository for the latest advisory and update information regarding CVE-2024-30542.