The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs
References
Configurations
History
21 Nov 2024, 08:49
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030843%40wp-club-manager&new=3030843%40wp-club-manager&sfp_email=&sfph_mail= - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/64c2c8c2-58f5-4b7d-b226-39ba39e887d5?source=cve - Third Party Advisory |
13 Feb 2024, 14:06
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:wpclubmanager:wp_club_manager:*:*:*:*:*:wordpress:*:* | |
Summary |
|
|
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030843%40wp-club-manager&new=3030843%40wp-club-manager&sfp_email=&sfph_mail= - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/64c2c8c2-58f5-4b7d-b226-39ba39e887d5?source=cve - Third Party Advisory | |
First Time |
Wpclubmanager wp Club Manager
Wpclubmanager |
|
CWE | CWE-862 |
05 Feb 2024, 22:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-05 22:16
Updated : 2024-11-21 08:49
NVD link : CVE-2024-1177
Mitre link : CVE-2024-1177
CVE.ORG link : CVE-2024-1177
JSON object : View
Products Affected
wpclubmanager
- wp_club_manager
CWE
CWE-862
Missing Authorization