How severe is CVE-2024-2472?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2024-2472?

This is classified as CWE-639, which is a common weakness in software security.

CVE-2024-2472 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to view other customer's cabinets, including the ability to view PII such as email addresses and to change their LatePoint user password, which may or may not be associated with a WordPress account.

Related Vulnerabilities

CVE-2019-17382

CRITICAL

CVSS:9.1(Critical)

An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Repor...

CWE-6392019

CVE-2019-17574

CRITICAL

CVSS:9.1(Critical)

An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or p...

CWE-6392019

CVE-2019-19755

CRITICAL

CVSS:9.1(Critical)

ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: a...

CWE-6392019

CVE-2021-32654

CRITICAL

CVSS:9.1(Critical)

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. ...

CWE-6392021

CVE-2022-1165

CRITICAL

CVSS:9.1(Critical)

The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, which allows them to be...

CWE-6392022

CVE-2022-36247

CRITICAL

CVSS:9.1(Critical)

Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR via controlpanel.shopbeat.co.za.

CWE-6392022