Vulnerabilities > CVE-2024-10294 - Unspecified vulnerability in Ce21 Suite

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

ce21

NVD

Published: 2024-11-09

Updated: 2025-01-29

Summary

The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to change plugin settings.

Vulnerable Configurations

Part	Description	Count
Application	Ce21 Ce21 Ce21 Suite - Ce21 Ce21 Suite 2.1.1 Ce21 Ce21 Suite 2.1.2 Ce21 Ce21 Suite 2.1.3 Ce21 Ce21 Suite 2.1.4 Ce21 Ce21 Suite 2.1.5 Ce21 Ce21 Suite 2.1.6 Ce21 Ce21 Suite 2.1.7 Ce21 Ce21 Suite 2.1.8 Ce21 Ce21 Suite 2.1.9 Ce21 Ce21 Suite 2.2.0	11

References

https://plugins.trac.wordpress.org/browser/ce21-suite/trunk/includes/ce21-functions.php?rev=3097700#L340
https://www.wordfence.com/threat-intel/vulnerabilities/id/cd6ce97c-fd80-4c43-a4d2-02aa91d11fac?source=cve