admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-12309.md

20 lines
1.0 KiB
Markdown
Raw Permalink Normal View History

Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00
### [CVE-2024-12309](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12309)
![](https://img.shields.io/static/v1?label=Product&message=Rate%20My%20Post%20%E2%80%93%20Star%20Rating%20Plugin%20by%20FeedbackWP&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=*%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brightgreen)
### Description
The Rate My Post Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the get_post_status() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to vote on unpublished scheduled posts.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/20142995/nuclei-templates
- https://github.com/cyb3r-w0lf/nuclei-template-collection
- https://github.com/fkie-cad/nvd-json-data-feeds
Reference in New Issue Copy Permalink