My Contador lesr Plugin for WordPress Vulnerable to Unauthenticated Data Export (CVE-2024-11334 – Medium)

2024-11-26

The My Contador lesr plugin for WordPress has a vulnerability (CVE-2024-11334) that allows attackers to export user data without authorization. This is due to a missing capability check in the plugin’s `exportar_registros()` function, affecting all versions up to and including 2.0.

Vulnerability Details:

Platform: WordPress
Version: My Contador lesr plugin <= 2.0
Vulnerability: Missing capability check in `exportar_registros()` (unauthorized export of user data)
Severity: Medium (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Date: November 21, 2024 (published by NIST)

What Undercode Says:

This vulnerability can be exploited by attackers to steal user data from your WordPress site. It’s crucial to update the My Contador lesr plugin to a patched version as soon as possible. If an update is unavailable, consider deactivating the plugin until a fix is released.

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
