CVE-2024-2298

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Mar 8, 2024

CWE ID 94

Summary

CVE-2024-2298 is a vulnerability affecting the WordPress Affiliate Plugin, specifically versions 3.5.4 and below of the affiliate-toolkit plugin. This issue arises due to a missing capability check on the atkp_import_product() function, enabling authenticated attackers, even those with subscriber-level access, to execute unauthorized actions such as importing products. This weakness could lead to potential misuse and compromises, highlighting the importance of keeping plugins updated to mitigate such risks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uG0KbV
https://www.cve.org/CVERecord?id=CVE-2024-2298
https://nvd.nist.gov/vuln/detail/CVE-2024-2298

Back to Vulnerability Database

CVE-2024-2298

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations