Lucene search

K
cveWordfenceCVE-2024-1170
HistoryMar 07, 2024 - 11:15 a.m.

CVE-2024-1170

2024-03-0711:15:07
Wordfence
web.nvd.nist.gov
37
wordpress
plugin
vulnerability
media file deletion
unauthorized access
cve-2024-1170

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

AI Score

8.6

Confidence

High

EPSS

0

Percentile

15.5%

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handle_deleted_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to delete arbitrary media files.

Affected configurations

Vulners
Node
svenl77post_form_–_registration_form_–_profile_form_for_user_profiles_–_frontend_content_forms_for_user_submissions_\(ugc\)Range2.8.7wordpress
VendorProductVersionCPE
svenl77post_form_–_registration_form_–_profile_form_for_user_profiles_–_frontend_content_forms_for_user_submissions_\(ugc\)*cpe:2.3:a:svenl77:post_form_–_registration_form_–_profile_form_for_user_profiles_–_frontend_content_forms_for_user_submissions_\(ugc\):*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "vendor": "svenl77",
    "product": "Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "2.8.7",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

AI Score

8.6

Confidence

High

EPSS

0

Percentile

15.5%