Platform: wordpress
Component: salesking
Fixed in: 1.6.16
CVE-2024-22157 describes an Improper Privilege Management vulnerability within WebWizards SalesKing, enabling Privilege Escalation. This flaw allows attackers to bypass intended access controls and potentially gain administrative access. The vulnerability affects SalesKing versions up to 1.6.15, and a patch is available in version 1.6.16.
Successful exploitation of CVE-2024-22157 allows an attacker to escalate their privileges within the SalesKing WordPress plugin. This could lead to complete control over the WordPress site, including the ability to modify content, install malicious plugins, steal sensitive data (user credentials, customer information, financial data), and even compromise the underlying server. The impact is particularly severe because SalesKing is often used for managing customer relationships and sales processes, making the data at risk highly valuable. A compromised SalesKing instance could be used as a launching point for further attacks against the entire network, demonstrating a significant blast radius.
CVE-2024-22157 was publicly disclosed on 2024-05-17. As of this writing, there are no publicly available proof-of-concept exploits. The vulnerability's CRITICAL CVSS score suggests a high probability of exploitation if a suitable exploit is developed and released. It is not currently listed on the CISA KEV catalog, but its severity warrants close monitoring.
Organizations using SalesKing for customer relationship management or sales tracking are at significant risk. Specifically, those running older versions of SalesKing (≤1.6.15) and those with limited security monitoring or patching practices are particularly vulnerable. Shared WordPress hosting environments are also at increased risk, as a compromised SalesKing plugin on one site could potentially impact other sites on the same server.
• wordpress / composer / npm:
  wp plugin list --status=inactive | grep SalesKing
• wordpress / composer / npm:
  wp plugin update --all
• wordpress / composer / npm:
  wp plugin status SalesKing
• wordpress / composer / npm:
  grep -r 'SalesKing' /var/www/html/wp-content/plugins/
Disclosure
Exploit status
EPSS: 0.52% (67th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-22157 is to immediately upgrade SalesKing to version 1.6.16 or later. If an immediate upgrade is not feasible due to compatibility issues or testing requirements, consider implementing temporary workarounds. These might include restricting access to SalesKing administrative functions based on user roles and implementing strict input validation to prevent malicious code injection. While a WAF might offer some protection, it is not a substitute for patching. After upgrading, verify the fix by attempting to access administrative functions with a non-administrative user account and confirming that access is denied.
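The version boundary above (affected up to 1.6.15, fixed in 1.6.16) is easy to get wrong with a plain string comparison. The following is an added example, not code from the advisory or from the SalesKing project: a POSIX sh check that compares an installed version against the fixed release numerically, with a wrapper that reads the version from wp-cli. The plugin slug passed to wp-cli is an assumption; set SALESKING_SLUG to match your install.

```shell
#!/bin/sh
# Added example: is the installed SalesKing version still in the range
# affected by CVE-2024-22157 (<= 1.6.15)? Fixed release per the advisory.
FIXED_VERSION="1.6.16"

# version_lt A B -> exit 0 if A < B, comparing dot-separated components
# numerically so that 1.6.9 < 1.6.16 and 1.10.0 > 1.6.16.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"          # leading component of each side
        [ "$a" = "$x" ] && a="" || a="${a#*.}"   # consume it
        [ "$b" = "$y" ] && b="" || b="${b#*.}"
        x="${x:-0}"; y="${y:-0}"            # missing components count as 0
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1                                # equal -> not less than
}

# is_affected VERSION -> exit 0 if VERSION is below the fixed release
is_affected() {
    version_lt "$1" "$FIXED_VERSION"
}

# check_installed: read the plugin version via wp-cli (slug is assumed,
# override with SALESKING_SLUG) and report whether it needs the upgrade.
check_installed() {
    slug="${SALESKING_SLUG:-salesking}"
    v=$(wp plugin get "$slug" --field=version 2>/dev/null) || {
        echo "plugin '$slug' not found via wp-cli"; return 2; }
    if is_affected "$v"; then
        echo "SalesKing $v is affected by CVE-2024-22157; upgrade to $FIXED_VERSION"
        return 1
    fi
    echo "SalesKing $v is at or above the fixed release"
    return 0
}
```

Run check_installed from the WordPress root (where wp-cli resolves the site) after patching to confirm the reported version is at or above 1.6.16.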
Update the SalesKing plugin to the latest available version. The Unauthenticated Privilege Escalation vulnerability has been fixed in versions after 1.6.15. To update, go to the WordPress admin panel, open the 'Plugins' section, and look for 'SalesKing' to apply the update.
CVE-2024-22157 is a critical vulnerability in SalesKing allowing attackers to gain elevated privileges, potentially compromising the entire WordPress site. It affects versions up to 1.6.15.
Yes, if you are using SalesKing version 1.6.15 or earlier, you are affected by this vulnerability and should upgrade immediately.
Upgrade SalesKing to version 1.6.16 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting access based on user roles.
As of now, there are no publicly known exploits, but the CRITICAL severity suggests a high likelihood of exploitation if a suitable exploit is developed.
Refer to the official SalesKing website or their WordPress plugin page for the latest security advisory and update information.