CVE-2024-30464
Published 2024-06-09
Priority: P2 · 58 · high
CVSS 3.1 base score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Exploit: EPSS 1.52% (71.4th percentile)
Missing Authorization vulnerability in WPZOOM Social Icons Widget & Block by WPZOOM. This issue affects Social Icons Widget & Block by WPZOOM: from n/a through 4.2.15.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wpzoom | social_icons_widget | < 4.2.16 | 4.2.16 |
| wpzoom | social_icons_widget_block_by_wpzoom | n/a – 4.2.15 | — |
Detection & IOCs (extracted from sources)
- Detect exploitation attempts by monitoring POST requests to /wp-admin/admin-ajax.php with the action parameter set to 'zoom_ajax_set_pointer_transient', which is the vulnerable AJAX endpoint requiring no special authorization.
- A successful exploitation response contains both the string 'Done, transient is set' and '"success":true' in the response body.
- Fingerprint vulnerable installations by fetching the plugin readme.txt and checking for a stable tag version of 4.2.15 or below.
- The exploit requires only low-privilege authenticated access (PR:L); monitor for low-privilege WordPress users making AJAX calls to the zoom_ajax_set_pointer_transient action.
- The vulnerability affects WPZOOM Social Icons Widget & Block versions up to and including 4.2.15; version 4.2.16 and later are patched.
- Exploitation requires no special conditions beyond low-privilege authentication (a standard WordPress subscriber account is sufficient).
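The indicators above translate directly into detection logic. The following is an added example written for this page; it is not code from WPZOOM, Patchstack or the Nuclei project. It assumes a request record schema (authenticated WordPress user, method, URL, form body, status, response body) such as a WAF or reverse proxy with body logging would produce, since the admin-ajax `action` parameter normally travels in the POST body and is absent from ordinary access logs. It flags POSTs to admin-ajax.php carrying the `zoom_ajax_set_pointer_transient` action, upgrades the finding to "success" when the response carries both markers quoted above, and separately parses a plugin readme.txt stable tag against the 4.2.16 fix version for inventory checks. All sample requests and readme contents are constructed; the plugin directory name is taken from the Patchstack URL on this page.

```python
"""Detection helpers for CVE-2024-30464 over constructed sample data."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

VULN_ACTION = "zoom_ajax_set_pointer_transient"   # vulnerable admin-ajax action (from the IOC list)
FIXED_VERSION = (4, 2, 16)                         # first patched plugin version
SUCCESS_MARKERS = ("Done, transient is set", '"success":true')


@dataclass
class Request:
    """One HTTP exchange as a WAF or body-logging reverse proxy would record it (assumed schema)."""
    user: str        # WordPress login name, "-" when unauthenticated
    method: str
    url: str         # path plus optional query string
    body: str        # URL-encoded form body, "" if none
    status: int
    response: str    # response body


def ajax_action(req: Request) -> Optional[str]:
    """Return the admin-ajax 'action' value from query string or form body, else None."""
    parts = urlsplit(req.url)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    params = parse_qs(parts.query)
    params.update(parse_qs(req.body))   # body parameters take precedence, as in PHP's $_REQUEST
    values = params.get("action")
    return values[0] if values else None


def classify(req: Request) -> Optional[str]:
    """'success' if the vulnerable action was invoked and the response shows it ran,
    'attempt' if it was invoked but did not, None for unrelated traffic."""
    if req.method.upper() != "POST" or ajax_action(req) != VULN_ACTION:
        return None
    if all(marker in req.response for marker in SUCCESS_MARKERS):
        return "success"
    return "attempt"


def scan(requests: List[Request]) -> List[Tuple[str, str]]:
    """Return (user, verdict) for every request that matches the indicator."""
    findings = []
    for req in requests:
        verdict = classify(req)
        if verdict is not None:
            findings.append((req.user, verdict))
    return findings


def parse_stable_tag(readme_text: str) -> Optional[Tuple[int, ...]]:
    """Extract the 'Stable tag:' version from a WordPress plugin readme.txt as an int tuple."""
    m = re.search(r"^\s*Stable tag:\s*([\d.]+)", readme_text, re.MULTILINE | re.IGNORECASE)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))


def is_vulnerable_version(version: Optional[Tuple[int, ...]]) -> bool:
    """True for any stable tag below the 4.2.16 fix (i.e. 4.2.15 and earlier)."""
    return version is not None and version < FIXED_VERSION


# Constructed sample traffic (not real logs).
SAMPLE_REQUESTS = [
    Request("subscriber01", "POST", "/wp-admin/admin-ajax.php",
            "action=" + VULN_ACTION, 200,
            '{"success":true,"data":"Done, transient is set"}'),
    Request("editor01", "POST", "/wp-admin/admin-ajax.php",
            "action=heartbeat", 200, '{"success":true}'),
    Request("-", "GET", "/wp-content/plugins/social-icons-widget-by-wpzoom/readme.txt",
            "", 200, "=== Social Icons Widget & Block by WPZOOM ==="),
    Request("subscriber02", "POST", "/wp-admin/admin-ajax.php?action=" + VULN_ACTION,
            "", 403, '{"success":false}'),
]

# Constructed readme fragments for the version check.
VULN_README = "=== Social Icons Widget & Block by WPZOOM ===\nStable tag: 4.2.15\nRequires at least: 5.0\n"
PATCHED_README = "=== Social Icons Widget & Block by WPZOOM ===\nStable tag: 4.2.16\n"

if __name__ == "__main__":
    for user, verdict in scan(SAMPLE_REQUESTS):
        print(f"{verdict:8s} user={user}")
    for label, text in (("vulnerable", VULN_README), ("patched", PATCHED_README)):
        ver = parse_stable_tag(text)
        print(label, ver, "vulnerable" if is_vulnerable_version(ver) else "ok")
```

Only the first and fourth sample requests are flagged: the first as a success because the response carries both markers, the fourth as an attempt because the action was sent (here via the query string) but the server refused it. The heartbeat POST and the readme fetch are ignored. Alerting on the "attempt" class is the useful signal even on patched sites, since it identifies low-privilege accounts probing the endpoint.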
No detection rules found.
Nuclei
CVE-2024-30464 [HIGH] WPZOOM Social Icons Widget <= 4.2.15 - Missing Authorization (nuclei · CVSS 8.8)
WPZOOM Social Icons Widget & Block versions up to 4.2.15 contain a missing authorization vulnerability caused by insufficient access control in the widget and block, letting attackers perform unauthorized actions; the exploit requires no special conditions.
Template:

```yaml
id: CVE-2024-30464

info:
  name: WPZOOM Social Icons Widget <= 4.2.15 - Missing Authorization
  author: pussycat0x
  severity: medium
  description: |
    WPZOOM Social Icons Widget & Block versions up to 4.2.15 contain a missing authorization vulnerability caused by insufficient access control in the widget and block, letting attackers perform unauthorized actions, exploit requires no special conditions.
  impact: |
    Attackers can perform unauthorized actions, potentially leading
```
No writeups or analysis indexed.
https://patchstack.com/database/vulnerability/social-icons-widget-by-wpzoom/wordpress-social-icons-widget-block-by-wpzoom-plugin-4-2-15-broken-access-control-vulnerability?_s_id=cve