CVE-2024-49293Missing Authorization in WP VR

CWE-862Missing Authorization3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.2%
top 55.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Rextheme WP VR
Timeline
PublishedOct 21

Description

Missing Authorization vulnerability in RexTheme WP VR wpvr allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through <= 8.5.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

CVEListV5rextheme/wp_vr8.5.4
NVDrextheme/wp_vr8.5.4

🔴Vulnerability Details

2
CVEList
WordPress WP VR plugin <= 8.5.4 - Broken Access Control vulnerability2024-10-21
GHSA
GHSA-88wg-667h-cxj5: Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels2024-10-21
CVE-2024-49293 — Missing Authorization in WP VR | cvebase