Lucene search

[email protected]CVE-2024-32521

HistoryMay 17, 2024 - 9:15 a.m.

CVE-2024-32521

2024-05-1709:15:37

CWE-602

[email protected]

web.nvd.nist.gov

cve-2024-32521

client-side enforcement

server-side security

highfivery llc zero spam

removing important client functionality

nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Client-Side Enforcement of Server-Side Security vulnerability in Highfivery LLC Zero Spam allows Removing Important Client Functionality.This issue affects Zero Spam: from n/a through 5.5.6.

Affected configurations

Vulners

Node

highfivery_llczero_spamRange≤5.5.6

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "zero-spam",
    "product": "Zero Spam",
    "vendor": "Highfivery LLC",
    "versions": [
      {
        "changes": [
          {
            "at": "5.5.7",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "5.5.6",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/zero-spam/wordpress-zero-spam-for-wordpress-plugin-5-5-5-bypass-spam-protection-vulnerability?_s_id=cve

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-32521

wpvulndb1 cvelist1 nvd1 wordfence1