Lucene search

PatchstackCVE-2024-24703

HistoryJun 11, 2024 - 3:16 p.m.

CVE-2024-24703

2024-06-1115:16:04

CWE-862

Patchstack

web.nvd.nist.gov

cve

2024

24703

nvd

security

problem

announcement

reserved

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

AI Score

8.7

Confidence

High

EPSS

Percentile

9.0%

JSON

Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through 4.0.25.

Affected configurations

Vulners

Node

multivendorxwc_marketplaceRange≤4.0.25wordpress

VendorProductVersionCPE
multivendorxwc_marketplace*cpe:2.3:a:multivendorx:wc_marketplace:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
multivendorx	wc_marketplace	*	cpe:2.3:a:multivendorx:wc_marketplace::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "dc-woocommerce-multi-vendor",
    "product": "WC Marketplace",
    "vendor": "MultiVendorX",
    "versions": [
      {
        "changes": [
          {
            "at": "4.0.26",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "4.0.25",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/dc-woocommerce-multi-vendor/wordpress-multivendorx-plugin-4-1-1-broken-access-control-vulnerability?_s_id=cve

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

AI Score

8.7

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-24703