CVE-2024-43981 — Missing Authorization in Geodirectory

CWE-862 — Missing Authorization3 documents3 sources

Severity

8.8HIGHNVD

CNA4.3

EPSS

0.3%

top 47.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ayecode Geodirectory Ayecode WP Business Directory Plugins Geodirectory

Timeline

PublishedNov 1

Description

Missing Authorization vulnerability in AyeCode – WP Business Directory Plugins GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GeoDirectory: from n/a through 2.3.70.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5ayecode_wp_business_directory_plugins/geodirectoryn/a — 2.3.70

▶NVDayecode/geodirectory< 2.3.71

🔴Vulnerability Details

GHSA

GHSA-q2v5-68x7-3p6j: Missing Authorization vulnerability in AyeCode – WP Business Directory Plugins GeoDirectory allows Exploiting Incorrectly Configured Access Control Se↗2024-11-01

▶

CVEList

WordPress GeoDirectory plugin <= 2.3.70 - Broken Access Control vulnerability↗2024-11-01

▶