WordPress Plugin Vulnerabilities

Rencontre – Dating Site < 3.11 - Privilege Escalation

Description

The Rencontre plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.10.1. This is due to an unknown issue. This makes it possible for unauthenticated attackers to gain elevated privileges.

Affects Plugins

Plugin icon
rencontre
Fixed in 3.11

References

CVE
CVE-2023-51425
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/b1278291-9fef-40f5-a432-d96f4bed31fe

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
a3085637-1a46-42c6-bcf9-215f526bf0c2

Timeline

Publicly Published
2023-12-27 (about 2 years ago)
Added
2024-01-05 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2021-10-05
Title
Simple Download Monitor < 3.9.6 - Unauthorised Log Reset
Published
2024-06-05
Title
BuddyPress Members Only < 3.4.9 - Improper Access Control to Sensitive Information Exposure via REST API
Published
2022-02-11
Title
Email Subscribers & Newsletters < 5.3.2 - Unauthenticated arbitrary option update
Published
2021-12-27
Title
WP Post Page Clone < 1.2 - Unauthorised Post Access
Published
2020-11-28
Title
BuddyPress < 6.4.0 - Lack of Capability Check on Profile Page