CVE-2024-9215 (GCVE-0-2024-9215)
Vulnerability from cvelistv5 – Published: 2024-10-17 02:06 – Updated: 2026-04-08 17:24
VLAI
Title
Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors <= 4.7.1 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary User Email Update and Account Takeover
Summary
The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Takeover in all versions up to, and including, 4.7.1 via the action_edited_author() due to missing validation on the 'authors-user_id' user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to update arbitrary user accounts email addresses, including administrators, which can then be leveraged to reset that user's account password and gain access.
Severity
8.8 (High)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| publishpress | Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors |
Affected:
0 , ≤ 4.7.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:publishpress:authors:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "authors",
"vendor": "publishpress",
"versions": [
{
"lessThanOrEqual": "4.7.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T16:11:01.287328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T16:15:04.518Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors",
"vendor": "publishpress",
"versions": [
{
"lessThanOrEqual": "4.7.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "wesley"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Takeover in all versions up to, and including, 4.7.1 via the action_edited_author() due to missing validation on the \u0027authors-user_id\u0027 user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to update arbitrary user accounts email addresses, including administrators, which can then be leveraged to reset that user\u0027s account password and gain access."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:24:51.431Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0506137-82e3-4988-9b23-370465a866c0?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/publishpress-authors/tags/4.7.1/src/core/Classes/Author_Editor.php#L594"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3169244%40publishpress-authors\u0026new=3169244%40publishpress-authors\u0026sfp_email=\u0026sfph_mail=#file7"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-16T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors \u003c= 4.7.1 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary User Email Update and Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-9215",
"datePublished": "2024-10-17T02:06:04.689Z",
"dateReserved": "2024-09-26T16:03:28.660Z",
"dateUpdated": "2026-04-08T17:24:51.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-9215",
"date": "2026-05-31",
"epss": "0.00338",
"percentile": "0.56805"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Takeover in all versions up to, and including, 4.7.1 via the action_edited_author() due to missing validation on the \u0027authors-user_id\u0027 user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to update arbitrary user accounts email addresses, including administrators, which can then be leveraged to reset that user\u0027s account password and gain access.\"}, {\"lang\": \"es\", \"value\": \"El complemento Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors para WordPress es vulnerable a Insecure Direct Object Reference to Privilege Escalation/Account Takeover en todas las versiones hasta la 4.7.1 incluida a trav\\u00e9s de action_edited_author() debido a la falta de validaci\\u00f3n en la clave controlada por el usuario \u0027authors-user_id\u0027. Esto permite que atacantes autenticados, con acceso de nivel de autor y superior, actualicen direcciones de correo electr\\u00f3nico de cuentas de usuario arbitrarias, incluidos administradores, que luego se pueden aprovechar para restablecer la contrase\\u00f1a de la cuenta de ese usuario y obtener acceso.\"}]",
"id": "CVE-2024-9215",
"lastModified": "2024-10-18T12:53:04.627",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security@wordfence.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
"published": "2024-10-17T02:15:02.977",
"references": "[{\"url\": \"https://plugins.trac.wordpress.org/browser/publishpress-authors/tags/4.7.1/src/core/Classes/Author_Editor.php#L594\", \"source\": \"security@wordfence.com\"}, {\"url\": \"https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3169244%40publishpress-authors\u0026new=3169244%40publishpress-authors\u0026sfp_email=\u0026sfph_mail=#file7\", \"source\": \"security@wordfence.com\"}, {\"url\": \"https://www.wordfence.com/threat-intel/vulnerabilities/id/d0506137-82e3-4988-9b23-370465a866c0?source=cve\", \"source\": \"security@wordfence.com\"}]",
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"security@wordfence.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-639\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-9215\",\"sourceIdentifier\":\"security@wordfence.com\",\"published\":\"2024-10-17T02:15:02.977\",\"lastModified\":\"2024-10-18T12:53:04.627\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Takeover in all versions up to, and including, 4.7.1 via the action_edited_author() due to missing validation on the \u0027authors-user_id\u0027 user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to update arbitrary user accounts email addresses, including administrators, which can then be leveraged to reset that user\u0027s account password and gain access.\"},{\"lang\":\"es\",\"value\":\"El complemento Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors para WordPress es vulnerable a Insecure Direct Object Reference to Privilege Escalation/Account Takeover en todas las versiones hasta la 4.7.1 incluida a trav\u00e9s de action_edited_author() debido a la falta de validaci\u00f3n en la clave controlada por el usuario \u0027authors-user_id\u0027. Esto permite que atacantes autenticados, con acceso de nivel de autor y superior, actualicen direcciones de correo electr\u00f3nico de cuentas de usuario arbitrarias, incluidos administradores, que luego se pueden aprovechar para restablecer la contrase\u00f1a de la cuenta de ese usuario y obtener acceso.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@wordfence.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@wordfence.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-639\"}]}],\"references\":[{\"url\":\"https://plugins.trac.wordpress.org/browser/publishpress-authors/tags/4.7.1/src/core/Classes/Author_Editor.php#L594\",\"source\":\"security@wordfence.com\"},{\"url\":\"https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3169244%40publishpress-authors\u0026new=3169244%40publishpress-authors\u0026sfp_email=\u0026sfph_mail=#file7\",\"source\":\"security@wordfence.com\"},{\"url\":\"https://www.wordfence.com/threat-intel/vulnerabilities/id/d0506137-82e3-4988-9b23-370465a866c0?source=cve\",\"source\":\"security@wordfence.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-9215\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-17T16:11:01.287328Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:publishpress:authors:*:*:*:*:*:*:*:*\"], \"vendor\": \"publishpress\", \"product\": \"authors\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.7.1\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-17T16:14:59.752Z\"}}], \"cna\": {\"title\": \"Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors \u003c= 4.7.1 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary User Email Update and Account Takeover\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"wesley\"}], \"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\"}}], \"affected\": [{\"vendor\": \"publishpress\", \"product\": \"Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.7.1\"}], \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-10-16T00:00:00.000Z\", \"value\": \"Disclosed\"}], \"references\": [{\"url\": \"https://www.wordfence.com/threat-intel/vulnerabilities/id/d0506137-82e3-4988-9b23-370465a866c0?source=cve\"}, {\"url\": \"https://plugins.trac.wordpress.org/browser/publishpress-authors/tags/4.7.1/src/core/Classes/Author_Editor.php#L594\"}, {\"url\": \"https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3169244%40publishpress-authors\u0026new=3169244%40publishpress-authors\u0026sfp_email=\u0026sfph_mail=#file7\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Takeover in all versions up to, and including, 4.7.1 via the action_edited_author() due to missing validation on the \u0027authors-user_id\u0027 user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to update arbitrary user accounts email addresses, including administrators, which can then be leveraged to reset that user\u0027s account password and gain access.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-639\", \"description\": \"CWE-639 Authorization Bypass Through User-Controlled Key\"}]}], \"providerMetadata\": {\"orgId\": \"b15e7b5b-3da4-40ae-a43c-f7aa60e62599\", \"shortName\": \"Wordfence\", \"dateUpdated\": \"2026-04-08T17:24:51.431Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-9215\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-08T17:24:51.431Z\", \"dateReserved\": \"2024-09-26T16:03:28.660Z\", \"assignerOrgId\": \"b15e7b5b-3da4-40ae-a43c-f7aa60e62599\", \"datePublished\": \"2024-10-17T02:06:04.689Z\", \"assignerShortName\": \"Wordfence\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…