Lucene search

WPScanCVE-2024-2232

HistoryAug 05, 2024 - 6:16 a.m.

CVE-2024-2232

2024-08-0506:16:40

WPScan

web.nvd.nist.gov

csrf checks

unauthorized invitations

user groups

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score

6.6

Confidence

High

EPSS

Percentile

9.4%

JSON

The lacks CSRF checks allowing a user to invite any user to any group (including private groups)

Affected configurations

Vulners

Vulnrichment

Node

himerRange<2.1.3wordpress

VendorProductVersionCPE
*himer*cpe:2.3:a:*:himer:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
*	himer	*	cpe:2.3:a::himer::::::wordpress::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Himer",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2.1.3"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

wpscan.com/vulnerability/a2df28d3-bf03-4fd3-b231-86e062739899/

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score

6.6

Confidence

High

EPSS

Percentile

9.4%

JSON

Related for CVE-2024-2232