How severe is CVE-2024-4566?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2024-4566?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2024-4566

HIGH Year: 2024

CVSS v3 Score

7.1

High

Weakness Type

NVD-CWE-Other

View all →

Vulnerability Description

The ShopLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 2.8.8. This makes it possible for authenticated attackers, with contributor-level access and above, to set arbitrary WordPress options to "true". NOTE: This vulnerability can be exploited by attackers with subscriber- or customer-level access and above if (1) the WooCommerce plugin is deactivated or (2) access to the default WordPress admin dashboard is explicitly enabled for authenticated users.

CVE-2010-2537

HIGH

CVSS:7.1(High)

The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl ca...

NVD-CWE-Other2010

CVE-2015-8698

HIGH

CVSS:7.1(High)

CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allows remote attackers to read arbitrary ...

NVD-CWE-Other2015

CVE-2016-3470

HIGH

CVSS:7.1(High)

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.4.1 allows remote authenticated users to affect confidentiality and integrity via ve...

NVD-CWE-Other2016

CVE-2016-3530

HIGH

CVSS:7.1(High)

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect integrity and availability via vectors rel...

NVD-CWE-Other2016