CVE-2024-4745 — Missing Authorization in Rafflepress

CWE-862 — Missing Authorization3 documents3 sources

Severity

6.3MEDIUMNVD

CNA4.3

EPSS

0.1%

top 72.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Seedprod Rafflepress Rafflepress Giveaways AND Contests BY Rafflepress

Timeline

PublishedJun 10

Description

Missing Authorization vulnerability in RafflePress Giveaways and Contests by RafflePress.This issue affects Giveaways and Contests by RafflePress: from n/a through 1.12.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5rafflepress/giveaways_and_contests_by_rafflepressn/a — 1.12.4

▶NVDseedprod/rafflepress< 1.12.5

🔴Vulnerability Details

GHSA

GHSA-m95c-chfx-gfmj: Missing Authorization vulnerability in RafflePress Giveaways and Contests by RafflePress↗2024-06-10

▶

CVEList

WordPress Giveaways and Contests by RafflePress plugin <= 1.12.4 - Broken Access Control vulnerability↗2024-06-10

▶