CVE-2024-2172
Published 2024-03-13
CVE-2024-2172: The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a missing…
Priority P185 · critical 9.8 · CVSS 3.1
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 1.71% (74.5th percentile)
The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init() function in all versions up to, and including, 4.7.2 (for Malware Scanner) and 2.1.1 (for Web Application Firewall). This makes it possible for unauthenticated attackers to escalate their privileges to that of an administrator.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cyberlord92 | malware_scanner | <= 4.7.2 | — |
| cyberlord92 | web_application_firewall_website_security | <= 2.1.1 | — |
CVSS provenance
nvd v3.1: 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck: 9.8 CRITICAL
VulDB
cyberlord92 Web Application Firewall Plugin up to 2.1.1 on WordPress improper authentication
vuldb·2026-04-13·CVSS 9.8
CVE-2024-2172 [CRITICAL] cyberlord92 Web Application Firewall Plugin up to 2.1.1 on WordPress improper authentication
A vulnerability was found in cyberlord92 Web Application Firewall Plugin up to 2.1.1 on WordPress. It has been classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper authentication.
This vulnerability is documented as CVE-2024-2172. The attack can be initiated remotely. There is no exploit available.
GHSA
GHSA-r4jv-cv98-6c79: The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a
ghsa_unreviewed·2024-03-13
CVE-2024-2172 [CRITICAL] CWE-304 GHSA-r4jv-cv98-6c79: The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a
VulnCheck
MiniOrange Malware Scanner plugin and Web Application Firewall plugin for WordPress Privilege Escalation Vulnerability
vulncheck·2024·CVSS 9.8
CVE-2024-2172 [CRITICAL] MiniOrange Malware Scanner plugin and Web Application Firewall plugin for WordPress Privilege Escalation Vulnerability
Affected: MiniOrange Malware Scanner plugin and Web Application Firewall plugin for WordPress
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
No detection rules found.
No public exploits indexed.
References
- https://plugins.trac.wordpress.org/browser/miniorange-malware-protection/tags/4.7.2/handler/login.php#L89
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3054179%40miniorange-malware-protection&new=3054179%40miniorange-malware-protection&sfp_email=&sfph_mail=
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3054255%40web-application-firewall&new=3054255%40web-application-firewall&sfp_email=&sfph_mail=
- https://wordpress.org/plugins/miniorange-malware-protection/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/6347f588-a3fd-4909-ad57-9d78787b5728?source=cve
Published 2024-03-13 · Exploited in the wild