Search criteria
2 vulnerabilities found for WP Helper Premium by matbao
CVE-2024-9065 (GCVE-0-2024-9065)
Vulnerability from cvelistv5 – Published: 2024-10-10 02:06 – Updated: 2024-10-10 17:38
VLAI?
Title
WP Helper Premium <= 4.6.1 - Missing Authorization in whp_smtp_send_mail_test
Summary
The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whp_smtp_send_mail_test' function in all versions up to, and including, 4.6.1. This makes it possible for unauthenticated attackers to send emails containing any content and originating from the vulnerable WordPress instance to any recipient.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| matbao | WP Helper Premium |
Affected:
* , ≤ 4.6.1
(semver)
|
Credits
Francesco Carlucci
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9065",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T17:37:55.539218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:38:07.505Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP Helper Premium",
"vendor": "matbao",
"versions": [
{
"lessThanOrEqual": "4.6.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027whp_smtp_send_mail_test\u0027 function in all versions up to, and including, 4.6.1. This makes it possible for unauthenticated attackers to send emails containing any content and originating from the vulnerable WordPress instance to any recipient."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T02:06:08.162Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f3c6d98-6f30-4a98-91c9-e77c1f960527?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-helper-lite/trunk/functions/class.wps-frontend-setup-function.php#L55"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-09T13:29:15.000+00:00",
"value": "Disclosed"
}
],
"title": "WP Helper Premium \u003c= 4.6.1 - Missing Authorization in whp_smtp_send_mail_test"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-9065",
"datePublished": "2024-10-10T02:06:08.162Z",
"dateReserved": "2024-09-20T22:12:14.639Z",
"dateUpdated": "2024-10-10T17:38:07.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9065 (GCVE-0-2024-9065)
Vulnerability from nvd – Published: 2024-10-10 02:06 – Updated: 2024-10-10 17:38
VLAI?
Title
WP Helper Premium <= 4.6.1 - Missing Authorization in whp_smtp_send_mail_test
Summary
The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whp_smtp_send_mail_test' function in all versions up to, and including, 4.6.1. This makes it possible for unauthenticated attackers to send emails containing any content and originating from the vulnerable WordPress instance to any recipient.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| matbao | WP Helper Premium |
Affected:
* , ≤ 4.6.1
(semver)
|
Credits
Francesco Carlucci
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9065",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T17:37:55.539218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:38:07.505Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP Helper Premium",
"vendor": "matbao",
"versions": [
{
"lessThanOrEqual": "4.6.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027whp_smtp_send_mail_test\u0027 function in all versions up to, and including, 4.6.1. This makes it possible for unauthenticated attackers to send emails containing any content and originating from the vulnerable WordPress instance to any recipient."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T02:06:08.162Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f3c6d98-6f30-4a98-91c9-e77c1f960527?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-helper-lite/trunk/functions/class.wps-frontend-setup-function.php#L55"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-09T13:29:15.000+00:00",
"value": "Disclosed"
}
],
"title": "WP Helper Premium \u003c= 4.6.1 - Missing Authorization in whp_smtp_send_mail_test"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-9065",
"datePublished": "2024-10-10T02:06:08.162Z",
"dateReserved": "2024-09-20T22:12:14.639Z",
"dateUpdated": "2024-10-10T17:38:07.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}