Lucene search

[email protected]CVE-2024-1733

HistoryMar 16, 2024 - 6:15 a.m.

CVE-2024-1733

2024-03-1606:15:13

[email protected]

web.nvd.nist.gov

word replacer pro

wordpress

vulnerability

unauthorized modification

nvd

cve-2024-1733

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

7.3 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

8.4%

JSON

The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the word_replacer_ultra() function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update arbitrary content on the affected WordPress site.

References

plugins.trac.wordpress.org/browser/word-replacer-ultra/trunk/inc/word-replacer-ultra-ajax.php#L16

www.wordfence.com/threat-intel/vulnerabilities/id/1da53718-c2a2-45d0-ad43-daff3c68342d?source=cve

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

7.3 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

8.4%

JSON

Related for CVE-2024-1733

cvelist1 wpvulndb1 wordfence1