CVE-2024-1385

HIGH Year: 2024
CVSS v3 Score
7.1
High
Weakness Type
CWE-862
View all →

Vulnerability Description

The WP-Stateless – Google Cloud Storage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the dismiss_notices() function in all versions up to, and including, 3.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to the current time, which may completely take a site offline.

Related Vulnerabilities

CVE-2018-14985

HIGH
CVSS:7.1(High)

The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.a...

CWE-8622018

CVE-2018-15005

HIGH
CVSS:7.1(High)

The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.zte.zdm...

CWE-8622018

CVE-2018-17490

HIGH
CVSS:7.1(High)

EasyLobby Solo is vulnerable to a denial of service. By visiting the kiosk and accessing the task manager, a local attacker could exploit this vulnerability to kill the process or launch new processes...

CWE-8622018

CVE-2019-14822

HIGH
CVSS:7.1(High)

A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server ...

CWE-8622019

CVE-2020-13425

HIGH
CVSS:7.1(High)

TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted.

CWE-8622020

CVE-2020-36720

HIGH
CVSS:7.1(High)

The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the update_option lacking proper authentication checks. This m...

CWE-8622020