Vulnerability Details CVE-2024-8292
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. This is due to to plugin not properly verifying a user's identity during new order creation. This makes it possible for unauthenticated attackers to supply any email through the user_email field and update the password for that user during new order creation. This requires the commerce addon to be enabled in order to exploit.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.7%
CVSS Severity
CVSS v3 Score 9.8
References
- https://plugins.trac.wordpress.org/browser/wp-recall/tags/16.26.8/add-on/commerce/classes/class-rcl-create-order.php#L127
- https://plugins.trac.wordpress.org/browser/wp-recall/tags/16.26.8/add-on/commerce/functions-frontend.php#L113
- https://plugins.trac.wordpress.org/browser/wp-recall/tags/16.26.8/rcl-functions.php#L1339
- https://plugins.trac.wordpress.org/changeset/3145798/wp-recall/trunk/add-on/commerce/classes/class-rcl-create-order.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/8fa4b5df-dc71-49de-880b-895eb1d9cdca?source=cve
Products affected by CVE-2024-8292
-
cpe:2.3:a:plechevandrey:wp-recall:-
-
cpe:2.3:a:plechevandrey:wp-recall:16.22.10
-
cpe:2.3:a:plechevandrey:wp-recall:16.23.16
-
cpe:2.3:a:plechevandrey:wp-recall:16.23.20
-
cpe:2.3:a:plechevandrey:wp-recall:16.24.48
-
cpe:2.3:a:plechevandrey:wp-recall:16.25.19
-
cpe:2.3:a:plechevandrey:wp-recall:16.26.5
-
cpe:2.3:a:plechevandrey:wp-recall:16.26.6
-
cpe:2.3:a:plechevandrey:wp-recall:16.26.7