CVERadar

CVE-2024-1318

Severity: Medium
Vendor: Themeisle
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00169/1

CVE-2024-1318: Unauthorized data modification vulnerability in the Feedzy WordPress plugin. This flaw allows contributors to bypass restrictions and publish arbitrary content.

CVE-2024-1318 affects the RSS Aggregator by Feedzy WordPress plugin, versions 4.4.2 and earlier. A missing capability check on the 'feedzy_wizard_step_process' and 'import_status' functions enables authenticated attackers with Contributor access or higher to draft and publish posts containing any content they choose, effectively escalating their privileges within the WordPress site. This vulnerability (CWE-862, Missing Authorization) poses a significant risk of unauthorized content injection and compromise of website integrity. While the CVSS score is 0, SOCRadar's Vulnerability Risk Score (SVRS) is 30, indicating a moderate risk that should be addressed, though without the urgency of a critical vulnerability (SVRS > 80). Because the CVE is tagged 'In The Wild', the exploit is likely already in use, which underscores the need for patching. Updating the plugin to a patched release is the best mitigation.

Tags: In The Wild
Dates: 2024-02-29, 2024-12-31

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-1318 | Feedzy RSS Aggregator Plugin up to 4.4.2 on WordPress Page authorization (ID 3033749)
vuldb.com, 2024-12-31
A vulnerability classified as critical was found in Feedzy RSS Aggregator Plugin up to 4.4.2 on WordPress. This vulnerability affects unknown code of the component Page Handler. The manipulation leads to missing authorization. This vulnerability was named CVE-2024-1318. The attack can be initiated remotely. There is

Social Media

No tweets found for this CVE

Affected Software

Configuration 1
Type: App
Vendor: Themeisle
Product: rss_aggregator_by_feedzy

References

Sources: [email protected], AF854A3A-2127-422B-91AE-364DA2661108 (both sources list the same four links)

https://plugins.trac.wordpress.org/browser/feedzy-rss-feeds/tags/4.4.2/includes/admin/feedzy-rss-feeds-admin.php#L1053
https://plugins.trac.wordpress.org/browser/feedzy-rss-feeds/tags/4.4.2/includes/admin/feedzy-rss-feeds-import.php#L1022
https://plugins.trac.wordpress.org/changeset/3033749/feedzy-rss-feeds/tags/4.4.3/includes/admin/feedzy-rss-feeds-admin.php?old=3030538&old_path=feedzy-rss-feeds%2Ftags%2F4.4.2%2Fincludes%2Fadmin%2Ffeedzy-rss-feeds-admin.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/181edcec-a57d-4516-935d-6777d2de77ae?source=cve

CWE Details

CWE ID: CWE-862
CWE Name: Missing Authorization
Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
