CVE-2024-2505: GamiPress < 6.8.9 - Broken Access Control
First published: Mon Apr 29 2024(Updated: )
The GamiPress WordPress plugin before 6.8.9's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged users, like Subscribers, despite initial settings prohibiting such access. This vulnerability resembles broken access control, enabling unauthorized users to modify critical GamiPress WordPress plugin before 6.8.9 configurations.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| openMairie Openpresse | <6.8.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-2505?
CVE-2024-2505 is classified as a high severity vulnerability due to its impact on access control.
How do I fix CVE-2024-2505?
To fix CVE-2024-2505, update the GamiPress plugin to version 6.8.9 or later.
What are the potential impacts of CVE-2024-2505?
CVE-2024-2505 allows lower privileged users, such as Subscribers, to gain unauthorized access to settings intended for Authors.
Who is affected by CVE-2024-2505?
CVE-2024-2505 affects GamiPress WordPress plugin versions prior to 6.8.9.
What versions of GamiPress are vulnerable to CVE-2024-2505?
GamiPress versions before 6.8.9 are vulnerable to CVE-2024-2505.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/title
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/gamipress
- canonical/openmairie openpresse