CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-8853

The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on the 'doSsoAuthentification' function. This makes it possible for unauthenticated attackers to make themselves administrators by registering with a username that contains '-wfuser'.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 67.9%

CVSS Severity

CVSS v3 Score 9.8

References

Products affected by CVE-2024-8853

Medialibs » Webo-Facto » Version: N/A

cpe:2.3:a:medialibs:webo-facto:-
Medialibs » Webo-Facto » Version: 1.0

cpe:2.3:a:medialibs:webo-facto:1.0
Medialibs » Webo-Facto » Version: 1.1

cpe:2.3:a:medialibs:webo-facto:1.1
Medialibs » Webo-Facto » Version: 1.10

cpe:2.3:a:medialibs:webo-facto:1.10
Medialibs » Webo-Facto » Version: 1.11

cpe:2.3:a:medialibs:webo-facto:1.11
Medialibs » Webo-Facto » Version: 1.12

cpe:2.3:a:medialibs:webo-facto:1.12
Medialibs » Webo-Facto » Version: 1.13

cpe:2.3:a:medialibs:webo-facto:1.13
Medialibs » Webo-Facto » Version: 1.14

cpe:2.3:a:medialibs:webo-facto:1.14
Medialibs » Webo-Facto » Version: 1.15

cpe:2.3:a:medialibs:webo-facto:1.15
Medialibs » Webo-Facto » Version: 1.16

cpe:2.3:a:medialibs:webo-facto:1.16
Medialibs » Webo-Facto » Version: 1.17

cpe:2.3:a:medialibs:webo-facto:1.17
Medialibs » Webo-Facto » Version: 1.18

cpe:2.3:a:medialibs:webo-facto:1.18
Medialibs » Webo-Facto » Version: 1.19

cpe:2.3:a:medialibs:webo-facto:1.19
Medialibs » Webo-Facto » Version: 1.2

cpe:2.3:a:medialibs:webo-facto:1.2
Medialibs » Webo-Facto » Version: 1.20

cpe:2.3:a:medialibs:webo-facto:1.20
Medialibs » Webo-Facto » Version: 1.21

cpe:2.3:a:medialibs:webo-facto:1.21
Medialibs » Webo-Facto » Version: 1.22

cpe:2.3:a:medialibs:webo-facto:1.22
Medialibs » Webo-Facto » Version: 1.23

cpe:2.3:a:medialibs:webo-facto:1.23
Medialibs » Webo-Facto » Version: 1.24

cpe:2.3:a:medialibs:webo-facto:1.24
Medialibs » Webo-Facto » Version: 1.25

cpe:2.3:a:medialibs:webo-facto:1.25
Medialibs » Webo-Facto » Version: 1.26

cpe:2.3:a:medialibs:webo-facto:1.26
Medialibs » Webo-Facto » Version: 1.27

cpe:2.3:a:medialibs:webo-facto:1.27
Medialibs » Webo-Facto » Version: 1.28

cpe:2.3:a:medialibs:webo-facto:1.28
Medialibs » Webo-Facto » Version: 1.29

cpe:2.3:a:medialibs:webo-facto:1.29
Medialibs » Webo-Facto » Version: 1.3

cpe:2.3:a:medialibs:webo-facto:1.3
Medialibs » Webo-Facto » Version: 1.30

cpe:2.3:a:medialibs:webo-facto:1.30
Medialibs » Webo-Facto » Version: 1.31

cpe:2.3:a:medialibs:webo-facto:1.31
Medialibs » Webo-Facto » Version: 1.32

cpe:2.3:a:medialibs:webo-facto:1.32
Medialibs » Webo-Facto » Version: 1.33

cpe:2.3:a:medialibs:webo-facto:1.33
Medialibs » Webo-Facto » Version: 1.34

cpe:2.3:a:medialibs:webo-facto:1.34
Medialibs » Webo-Facto » Version: 1.35

cpe:2.3:a:medialibs:webo-facto:1.35
Medialibs » Webo-Facto » Version: 1.36

cpe:2.3:a:medialibs:webo-facto:1.36
Medialibs » Webo-Facto » Version: 1.37

cpe:2.3:a:medialibs:webo-facto:1.37
Medialibs » Webo-Facto » Version: 1.38

cpe:2.3:a:medialibs:webo-facto:1.38
Medialibs » Webo-Facto » Version: 1.39

cpe:2.3:a:medialibs:webo-facto:1.39
Medialibs » Webo-Facto » Version: 1.4

cpe:2.3:a:medialibs:webo-facto:1.4
Medialibs » Webo-Facto » Version: 1.40

cpe:2.3:a:medialibs:webo-facto:1.40
Medialibs » Webo-Facto » Version: 1.5

cpe:2.3:a:medialibs:webo-facto:1.5
Medialibs » Webo-Facto » Version: 1.6

cpe:2.3:a:medialibs:webo-facto:1.6
Medialibs » Webo-Facto » Version: 1.7

cpe:2.3:a:medialibs:webo-facto:1.7
Medialibs » Webo-Facto » Version: 1.8

cpe:2.3:a:medialibs:webo-facto:1.8
Medialibs » Webo-Facto » Version: 1.9

cpe:2.3:a:medialibs:webo-facto:1.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-8853

Products

Pricing

Contact Us