CVE-2024-4875 - Vulnerability Details - OpenCVE

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update options such as users_can_register, which can lead to unauthorized user registration.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hasthemes	Ht Mega

Configuration 1 [-]

cpe:2.3:a:hasthemes:ht_mega:*:*:*:*:free:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/trunk/admin/include/class.dynamic-notice.php#L52
https://plugins.trac.wordpress.org/changeset/3088899/ht-mega-for-elementor/trunk/admin/include/class.dynamic-notice.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/bdd3868a-d741-42b4-bc7f-6fb5d33bb71b?source=cve

History

Tue, 28 Jan 2025 19:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hasthemes Hasthemes ht Mega
Weaknesses		CWE-862
CPEs		cpe:2.3:a:hasthemes:ht_mega:::::free:wordpress::
Vendors & Products		Hasthemes Hasthemes ht Mega

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-05-21T08:31:03.732Z

Updated: 2024-08-01T20:55:10.225Z

Reserved: 2024-05-14T16:29:59.622Z

Link: CVE-2024-4875

Vulnrichment

Updated: 2024-08-01T20:55:10.225Z

NVD

Status : Analyzed

Published: 2024-05-21T09:15:09.103

Modified: 2025-01-28T19:20:29.297

Link: CVE-2024-4875

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4875", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-05-14T16:29:59.622Z", "datePublished": "2024-05-21T08:31:03.732Z", "dateUpdated": "2024-08-01T20:55:10.225Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-05-21T08:31:03.732Z"}, "affected": [{"vendor": "devitemsllc", "product": "HT Mega \u2013 Absolute Addons For Elementor", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "2.5.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update options such as users_can_register, which can lead to unauthorized user registration."}], "title": "HT Mega \u2013 Absolute Addons For Elementor <= 2.5.2 - Missing Authorization to Options Update", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bdd3868a-d741-42b4-bc7f-6fb5d33bb71b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/trunk/admin/include/class.dynamic-notice.php#L52"}, {"url": "https://plugins.trac.wordpress.org/changeset/3088899/ht-mega-for-elementor/trunk/admin/include/class.dynamic-notice.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "1337_Wannabe"}], "timeline": [{"time": "2024-05-20T19:51:49.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4875", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-22T17:12:41.497900Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:54:49.611Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:55:10.225Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bdd3868a-d741-42b4-bc7f-6fb5d33bb71b?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/trunk/admin/include/class.dynamic-notice.php#L52", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3088899/ht-mega-for-elementor/trunk/admin/include/class.dynamic-notice.php", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bdd3868a-d741-42b4-bc7f-6fb5d33bb71b?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/trunk/admin/include/class.dynamic-notice.php#L52", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3088899/ht-mega-for-elementor/trunk/admin/include/class.dynamic-notice.php", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:55:10.225Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4875", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-22T17:12:41.497900Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-22T17:12:45.812Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "HT Mega \u2013 Absolute Addons For Elementor <= 2.5.2 - Missing Authorization to Options Update", "credits": [{"lang": "en", "type": "finder", "value": "1337_Wannabe"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "devitemsllc", "product": "HT Mega \u2013 Absolute Addons For Elementor", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.5.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-05-20T19:51:49.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bdd3868a-d741-42b4-bc7f-6fb5d33bb71b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/trunk/admin/include/class.dynamic-notice.php#L52"}, {"url": "https://plugins.trac.wordpress.org/changeset/3088899/ht-mega-for-elementor/trunk/admin/include/class.dynamic-notice.php"}], "descriptions": [{"lang": "en", "value": "The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update options such as users_can_register, which can lead to unauthorized user registration."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-05-21T08:31:03.732Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4875", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:55:10.225Z", "dateReserved": "2024-05-14T16:29:59.622Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-05-21T08:31:03.732Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hasthemes:ht_mega:*:*:*:*:free:wordpress:*:*", "matchCriteriaId": "9F8E02F4-4CC0-4308-ABF8-BBE1284D6154", "versionEndExcluding": "2.5.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update options such as users_can_register, which can lead to unauthorized user registration."}, {"lang": "es", "value": " El complemento HT Mega \u2013 Absolute Addons For Elementor para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos (p\u00e9rdida de datos) debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'ajax_dismiss' en versiones hasta la 2.5.2 incluida. Esto hace posible que atacantes autenticados, con permisos de nivel de suscriptor y superiores, actualicen opciones como users_can_register, lo que puede conducir al registro de usuarios no autorizados."}], "id": "CVE-2024-4875", "lastModified": "2025-01-28T19:20:29.297", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-05-21T09:15:09.103", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/trunk/admin/include/class.dynamic-notice.php#L52"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3088899/ht-mega-for-elementor/trunk/admin/include/class.dynamic-notice.php"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bdd3868a-d741-42b4-bc7f-6fb5d33bb71b?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/trunk/admin/include/class.dynamic-notice.php#L52"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3088899/ht-mega-for-elementor/trunk/admin/include/class.dynamic-notice.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bdd3868a-d741-42b4-bc7f-6fb5d33bb71b?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}