CVE-2024-1093

The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_logic() function hooked via admin_init in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update the memory limit.

CVSS

No CVSS.

References

Link	Resource
https://plugins.trac.wordpress.org/browser/change-memory-limit/trunk/change-mem-limit.php#L104	Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/eee7344d-5459-4558-a557-d8c5935ecc30?source=cve	Third Party Advisory
https://plugins.trac.wordpress.org/browser/change-memory-limit/trunk/change-mem-limit.php#L104	Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/eee7344d-5459-4558-a557-d8c5935ecc30?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:simon99:change_memory_limit:1.0:*:*:*:*:wordpress:*:*

History

23 Dec 2024, 17:03

Type	Values Removed	Values Added
References	~~() https://plugins.trac.wordpress.org/browser/change-memory-limit/trunk/change-mem-limit.php#L104 -~~	() https://plugins.trac.wordpress.org/browser/change-memory-limit/trunk/change-mem-limit.php#L104 - Product
References	~~() https://www.wordfence.com/threat-intel/vulnerabilities/id/eee7344d-5459-4558-a557-d8c5935ecc30?source=cve -~~	() https://www.wordfence.com/threat-intel/vulnerabilities/id/eee7344d-5459-4558-a557-d8c5935ecc30?source=cve - Third Party Advisory
First Time		Simon99 Simon99 change Memory Limit
CWE		CWE-862
CPE		cpe:2.3:a:simon99:change_memory_limit:1.0:::::wordpress::

05 Mar 2024, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-05 02:15

Updated : 2024-12-23 17:03

NVD link : CVE-2024-1093

Mitre link : CVE-2024-1093

JSON object : View

Products Affected

simon99

change_memory_limit

CWE

CWE-862

Missing Authorization

JSON object

Attach tags to CVE-2024-1093

Attach tags to `CVE-2024-1093`