Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for September 24-25, 2024

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between September 24-25, 2024.
During this period, the National Vulnerability Database published 18 new Common Vulnerabilities and Exposures (CVEs), classified by severity as follows:

Critical: 3
High: 3
Medium: 12
Low: 0
Severity Not Assigned: 0

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.

1. CVE-2024-8795
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The BA Book Everything plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.20. This is due to missing or incorrect nonce validation on the my_account_update() function. This makes it possible for unauthenticated attackers to update a user's account details via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. This can be leveraged to reset a user's password and gain access to their account.
References: https://plugins.trac.wordpress.org/browser/ba-book-everything/tags/1.6.20/includes/class-babe-my-account.php#L562
https://plugins.trac.wordpress.org/browser/ba-book-everything/tags/1.6.20/includes/class-babe-users.php#L203
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3152728%40ba-book-everything&new=3152728%40ba-book-everything&sfp_email=&sfph_mail=#file3
https://www.wordfence.com/threat-intel/vulnerabilities/id/b691560e-e285-467c-9d52-1620c63de1f0?source=cve

CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found

2. CVE-2022-2439
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'upload[file]' parameter in versions up to, and including, 3.3.3. This makes it possible for authenticated administrative users to call files using a PHAR wrapper, which will deserialize and instantiate arbitrary PHP objects that can be used to perform a variety of malicious actions, provided a POP chain is also present.
References: https://plugins.trac.wordpress.org/changeset/3154854/easy-digital-downloads/tags/3.3.4/includes/admin/import/import-functions.php
https://plugins.trac.wordpress.org/changeset/3154854/easy-digital-downloads/tags/3.3.4/src/Utils/FileSystem.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/644c8702-08ad-4048-ae91-041f1771f1dc?source=cve

CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found

3. CVE-2024-8623
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
References: https://plugins.trac.wordpress.org/browser/wp-meta-data-filter-and-taxonomy-filter/trunk/classes/page.php#L248
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3150646%40wp-meta-data-filter-and-taxonomy-filter&new=3150646%40wp-meta-data-filter-and-taxonomy-filter&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/ba584e02-5242-4869-a452-21e6b8995bd8?source=cve

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

4. CVE-2024-8624
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode in all versions up to, and including, 1.3.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3153150%40wp-meta-data-filter-and-taxonomy-filter&new=3153150%40wp-meta-data-filter-and-taxonomy-filter&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/8f50812a-c6a7-4bb3-9833-e10acd0460c0?source=cve

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

5. CVE-2024-8671
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to overwrite arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
References: https://codecanyon.net/item/wooevents-calendar-and-event-booking/15598178
https://www.wordfence.com/threat-intel/vulnerabilities/id/3d7af96a-5a3c-4291-a369-f6ed78f72a3f?source=cve

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

6. CVE-2024-8791
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. This is due to the plugin not properly verifying a user's identity when the ID parameter is supplied through the update_core_user() function. This makes it possible for unauthenticated attackers to update the email address and password of arbitrary user accounts, including administrators, which can then be used to log in to those user accounts.
References: https://plugins.trac.wordpress.org/browser/charitable/tags/1.8.1.14/includes/users/class-charitable-user.php#L872
https://plugins.trac.wordpress.org/changeset/3154009/charitable/trunk/includes/users/class-charitable-user.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/0ee60943-b583-4a99-8e62-846b380c98aa?source=cve

CWE-ID: CWE-639
Common Platform Enumerations (CPE): Not Found
