CVE-2024-22296

2024-06-1008:15:48

CWE-862

[email protected]

web.nvd.nist.gov

nvd

organization

individual

security problem

publicized

details

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List.This issue affects 12 Step Meeting List: from n/a through 3.14.28.

Affected configurations

Vulners

Node

code_for_recovery12_step_meeting_listRange≤3.14.28

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "12-step-meeting-list",
    "product": "12 Step Meeting List",
    "vendor": "Code for Recovery",
    "versions": [
      {
        "changes": [
          {
            "at": "3.14.29",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.14.28",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/12-step-meeting-list/wordpress-12-step-meeting-list-plugin-3-14-26-broken-access-control-vulnerability?_s_id=cve