Vulnerability Details CVE-2024-1093
The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_logic() function hooked via admin_init in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update the memory limit.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.8%
CVSS Severity
CVSS v3 Score 5.3
References
- https://plugins.trac.wordpress.org/browser/change-memory-limit/trunk/change-mem-limit.php#L104
- https://www.wordfence.com/threat-intel/vulnerabilities/id/eee7344d-5459-4558-a557-d8c5935ecc30?source=cve
- https://plugins.trac.wordpress.org/browser/change-memory-limit/trunk/change-mem-limit.php#L104
- https://www.wordfence.com/threat-intel/vulnerabilities/id/eee7344d-5459-4558-a557-d8c5935ecc30?source=cve
Products affected by CVE-2024-1093
-
cpe:2.3:a:simon99:change_memory_limit:1.0