Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin Malware Scanner Privilege Escalation (4.7.2)

Description

WordPress Plugin Malware Scanner is prone to a privilege escalation vulnerability. Exploiting this issue may allow attackers to bypass the expected capabilities check and perform otherwise restricted actions; other attacks are also possible. WordPress Plugin Malware Scanner version 4.7.2 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 4.7.3 or latest

References

https://sploitus.com/exploit?id=WPEX-ID:D95F761F-5385-482A-8C69-560E920267AF

https://www.wordfence.com/blog/2024/03/critical-vulnerability-remains-unpatched-in-two-permanently-closed-miniorange-wordpress-plugins-1250-bounty-awarded/

https://plugins.svn.wordpress.org/miniorange-malware-protection/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin Survey Maker-Best WordPress Survey SQL Injection (3.1.1)

WordPress Plugin Advanced Custom Fields (ACF) PHP Object Injection (6.0.7)

WordPress Plugin WPML (WordPress Multilingual) Multiple Vulnerabilities (3.1.8.6)

WordPress Plugin WP Statistics SQL Injection (13.1.4)

phpBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2007-5688)

Severity

High

Classification

CVE-2024-2172 CWE-269 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Privilege Escalation