What the vulnerability does
01Description
Missing Authorization vulnerability in merkulove Crumber crumber-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crumber: from n/a through <= 1.0.10.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
What the vulnerability does
Missing Authorization vulnerability in merkulove Crumber crumber-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crumber: from n/a through <= 1.0.10.
Explanation of Vulnerability in Simple Terms
Crumber versions 1.0.10 and earlier lack proper authorization checks, allowing authenticated users to modify or disable site functionality. An attacker with low-level account access can alter settings or data without proper permission validation. The vulnerability affects integrity and availability but not confidentiality. Update to a version newer than 1.0.10.
What an attacker can do
Modify site settings or disable functionality without proper authorization.
Potential impact on your site
Authenticated users can alter site configuration or disable features they shouldn't access.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.
Key dates
External resources