CVE-2024-1050 – The Import and export users and customers plugin for WordPress is vulnerable to …

4 May 2024

Vuln ID: CVE-2024-1050

Published: 2024-05-04 08:15:06.840

Description: The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas() function in all versions up to, and including, 1.26.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete all forced password resets.

Base Score: 4.3 – MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Source: NVD.NIST.GOV

Date:

4 May 2024

Categorie(s):

NVD

Tag(s):

NVD

How to revamp your cybersecurity in the middle of the chaos18 May 2024
Leveling the cybersecurity playing field18 May 2024
Automated pentesting in the cloud18 May 2024
Hardware cybersecurity leader, Flexxon, introduces Server Defender18 May 2024
Aussie cops probe MediSecure’s ‘large-scale ransomware data breach’18 May 2024