Vulnerability Details CVE-2024-1516
The WP eCommerce plugin for WordPress is vulnerable to unauthorized arbitrary post creation due to a missing capability check on the check_for_saas_push() function in all versions up to, and including, 3.15.1. This makes it possible for unauthenticated attackers to create arbitrary posts with arbitrary content.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.1%
CVSS Severity
CVSS v3 Score 5.3
References
- https://plugins.trac.wordpress.org/browser/wp-e-commerce/trunk/wpsc-components/marketplace-core-v1/library/Sputnik.php#L191
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b0a9f3d2-aa7f-4fc2-9cfd-b69ec3f63160?source=cve
- https://plugins.trac.wordpress.org/browser/wp-e-commerce/trunk/wpsc-components/marketplace-core-v1/library/Sputnik.php#L191
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b0a9f3d2-aa7f-4fc2-9cfd-b69ec3f63160?source=cve
Products affected by CVE-2024-1516
-
cpe:2.3:a:zao:wp_ecommerce:3.10.0
-
cpe:2.3:a:zao:wp_ecommerce:3.10.1
-
cpe:2.3:a:zao:wp_ecommerce:3.11.0
-
cpe:2.3:a:zao:wp_ecommerce:3.11.1
-
cpe:2.3:a:zao:wp_ecommerce:3.11.2
-
cpe:2.3:a:zao:wp_ecommerce:3.11.3
-
cpe:2.3:a:zao:wp_ecommerce:3.11.4
-
cpe:2.3:a:zao:wp_ecommerce:3.11.5
-
cpe:2.3:a:zao:wp_ecommerce:3.11.6
-
cpe:2.3:a:zao:wp_ecommerce:3.11.7
-
cpe:2.3:a:zao:wp_ecommerce:3.12.0
-
cpe:2.3:a:zao:wp_ecommerce:3.12.1
-
cpe:2.3:a:zao:wp_ecommerce:3.12.2
-
cpe:2.3:a:zao:wp_ecommerce:3.12.3
-
cpe:2.3:a:zao:wp_ecommerce:3.12.4
-
cpe:2.3:a:zao:wp_ecommerce:3.13.0
-
cpe:2.3:a:zao:wp_ecommerce:3.13.1
-
cpe:2.3:a:zao:wp_ecommerce:3.14.0
-
cpe:2.3:a:zao:wp_ecommerce:3.15
-
cpe:2.3:a:zao:wp_ecommerce:3.6.10
-
cpe:2.3:a:zao:wp_ecommerce:3.6.11
-
cpe:2.3:a:zao:wp_ecommerce:3.6.12
-
cpe:2.3:a:zao:wp_ecommerce:3.6.13
-
cpe:2.3:a:zao:wp_ecommerce:3.6.5
-
cpe:2.3:a:zao:wp_ecommerce:3.6.6
-
cpe:2.3:a:zao:wp_ecommerce:3.6.7
-
cpe:2.3:a:zao:wp_ecommerce:3.6.8
-
cpe:2.3:a:zao:wp_ecommerce:3.6.9
-
cpe:2.3:a:zao:wp_ecommerce:3.7
-
cpe:2.3:a:zao:wp_ecommerce:3.7.1
-
cpe:2.3:a:zao:wp_ecommerce:3.7.2
-
cpe:2.3:a:zao:wp_ecommerce:3.7.3
-
cpe:2.3:a:zao:wp_ecommerce:3.7.4
-
cpe:2.3:a:zao:wp_ecommerce:3.7.5
-
cpe:2.3:a:zao:wp_ecommerce:3.7.5.1
-
cpe:2.3:a:zao:wp_ecommerce:3.7.5.2
-
cpe:2.3:a:zao:wp_ecommerce:3.7.5.3
-
cpe:2.3:a:zao:wp_ecommerce:3.7.6
-
cpe:2.3:a:zao:wp_ecommerce:3.7.6.1
-
cpe:2.3:a:zao:wp_ecommerce:3.7.6.2
-
cpe:2.3:a:zao:wp_ecommerce:3.7.6.3
-
cpe:2.3:a:zao:wp_ecommerce:3.7.6.4
-
cpe:2.3:a:zao:wp_ecommerce:3.7.6.5
-
cpe:2.3:a:zao:wp_ecommerce:3.7.6.6
-
cpe:2.3:a:zao:wp_ecommerce:3.7.6.7
-
cpe:2.3:a:zao:wp_ecommerce:3.7.6.9
-
cpe:2.3:a:zao:wp_ecommerce:3.7.7
-
cpe:2.3:a:zao:wp_ecommerce:3.7.8
-
cpe:2.3:a:zao:wp_ecommerce:3.7.8.1
-
cpe:2.3:a:zao:wp_ecommerce:3.7.8.2
-
cpe:2.3:a:zao:wp_ecommerce:3.7.8.3
-
cpe:2.3:a:zao:wp_ecommerce:3.8
-
cpe:2.3:a:zao:wp_ecommerce:3.8.1
-
cpe:2.3:a:zao:wp_ecommerce:3.8.10
-
cpe:2.3:a:zao:wp_ecommerce:3.8.11
-
cpe:2.3:a:zao:wp_ecommerce:3.8.11.1
-
cpe:2.3:a:zao:wp_ecommerce:3.8.12
-
cpe:2.3:a:zao:wp_ecommerce:3.8.12.1
-
cpe:2.3:a:zao:wp_ecommerce:3.8.12.2
-
cpe:2.3:a:zao:wp_ecommerce:3.8.13
-
cpe:2.3:a:zao:wp_ecommerce:3.8.13.1
-
cpe:2.3:a:zao:wp_ecommerce:3.8.13.2
-
cpe:2.3:a:zao:wp_ecommerce:3.8.13.3
-
cpe:2.3:a:zao:wp_ecommerce:3.8.13.4
-
cpe:2.3:a:zao:wp_ecommerce:3.8.13.5
-
cpe:2.3:a:zao:wp_ecommerce:3.8.14
-
cpe:2.3:a:zao:wp_ecommerce:3.8.14.1
-
cpe:2.3:a:zao:wp_ecommerce:3.8.14.2
-
cpe:2.3:a:zao:wp_ecommerce:3.8.14.3
-
cpe:2.3:a:zao:wp_ecommerce:3.8.14.4
-
cpe:2.3:a:zao:wp_ecommerce:3.8.14.5
-
cpe:2.3:a:zao:wp_ecommerce:3.8.2
-
cpe:2.3:a:zao:wp_ecommerce:3.8.3
-
cpe:2.3:a:zao:wp_ecommerce:3.8.4
-
cpe:2.3:a:zao:wp_ecommerce:3.8.5
-
cpe:2.3:a:zao:wp_ecommerce:3.8.6
-
cpe:2.3:a:zao:wp_ecommerce:3.8.6.1
-
cpe:2.3:a:zao:wp_ecommerce:3.8.7
-
cpe:2.3:a:zao:wp_ecommerce:3.8.7.1
-
cpe:2.3:a:zao:wp_ecommerce:3.8.7.2
-
cpe:2.3:a:zao:wp_ecommerce:3.8.7.3
-
cpe:2.3:a:zao:wp_ecommerce:3.8.7.4
-
cpe:2.3:a:zao:wp_ecommerce:3.8.7.5
-
cpe:2.3:a:zao:wp_ecommerce:3.8.7.6
-
cpe:2.3:a:zao:wp_ecommerce:3.8.7.6.1
-
cpe:2.3:a:zao:wp_ecommerce:3.8.7.6.2
-
cpe:2.3:a:zao:wp_ecommerce:3.8.7.7
-
cpe:2.3:a:zao:wp_ecommerce:3.8.8
-
cpe:2.3:a:zao:wp_ecommerce:3.8.8.1
-
cpe:2.3:a:zao:wp_ecommerce:3.8.8.2
-
cpe:2.3:a:zao:wp_ecommerce:3.8.8.3
-
cpe:2.3:a:zao:wp_ecommerce:3.8.8.4
-
cpe:2.3:a:zao:wp_ecommerce:3.8.8.5
-
cpe:2.3:a:zao:wp_ecommerce:3.8.8.6
-
cpe:2.3:a:zao:wp_ecommerce:3.8.9
-
cpe:2.3:a:zao:wp_ecommerce:3.8.9.1
-
cpe:2.3:a:zao:wp_ecommerce:3.8.9.2
-
cpe:2.3:a:zao:wp_ecommerce:3.8.9.3
-
cpe:2.3:a:zao:wp_ecommerce:3.8.9.4
-
cpe:2.3:a:zao:wp_ecommerce:3.8.9.5
-
cpe:2.3:a:zao:wp_ecommerce:3.8.9.6
-
cpe:2.3:a:zao:wp_ecommerce:3.9
-
cpe:2.3:a:zao:wp_ecommerce:3.9.1
-
cpe:2.3:a:zao:wp_ecommerce:3.9.2
-
cpe:2.3:a:zao:wp_ecommerce:3.9.3
-
cpe:2.3:a:zao:wp_ecommerce:3.9.4
-
cpe:2.3:a:zao:wp_ecommerce:3.9.5