How severe is CVE-2024-10520?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-10520?

This is classified as CWE-862, which is a common weakness in software security.

CVE-2024-10520 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'Create_Milestone', 'Create_Task_List', 'Create_Task', and 'Delete_Task' classes in version 2.6.14. This makes it possible for unauthenticated attackers to create milestones, create task lists, create tasks, or delete tasks in any project. NOTE: Version 2.6.14 implemented a partial fix for this vulnerability.

Related Vulnerabilities

CVE-2017-1000105

MEDIUM

CVSS:5.3(Medium)

The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was...

CWE-8622017

CVE-2017-8217

MEDIUM

CVSS:5.3(Medium)

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface.

CWE-8622017

CVE-2018-1000022

MEDIUM

CVSS:5.3(Medium)

Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing Authorization vulnerability in JSONRPC interface that can result in Bitcoin theft, if the user's wa...

CWE-8622018

CVE-2018-10207

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. An attacker can exploit Missing Authorization on the FlexPaperViewer SWF reader, and export files that should have been restricted...

CWE-8622018

CVE-2018-18004

MEDIUM

CVSS:5.3(Medium)

Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL paramet...

CWE-8622018

CVE-2018-21257

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for setting a channel header) via the Channel header slash command API.

CWE-8622018