What the vulnerability does
01Description
Incorrect Privilege Assignment vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Privilege Escalation.This issue affects CubeWP: from n/a through <= 1.1.24.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Incorrect Privilege Assignment vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Privilege Escalation.This issue affects CubeWP: from n/a through <= 1.1.24.
Explanation of Vulnerability in Simple Terms
CubeWP versions up to 1.1.24 contain a privilege escalation vulnerability affecting authenticated users. A logged-in attacker with low privileges can read sensitive data, modify site content, and disrupt service. The vulnerability requires network access and valid credentials but no additional user interaction. Update to a version newer than 1.1.24 immediately.
What an attacker can do
Read sensitive data, modify content, and disrupt the site's availability.
Potential impact on your site
Authenticated users can escalate privileges to access admin functions and compromise site integrity.
Conditions required to exploit
Attacker must have a valid login account with low-level privileges.
Key dates
External resources