CVE-2024-32683

2024-04-1912:15:07

CWE-639

[email protected]

web.nvd.nist.gov

authorization bypass

user-controlled key

vulnerability

wpmet wp ultimate review

nvd

security

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Authorization Bypass Through User-Controlled Key vulnerability in Wpmet Wp Ultimate Review.This issue affects Wp Ultimate Review: from n/a through 2.2.5.

Affected configurations

Vulners

Node

wpmetwp_ultimate_reviewRange≤2.2.5

VendorProductVersionCPE
wpmetwp_ultimate_review*cpe:2.3:a:wpmet:wp_ultimate_review:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wpmet	wp_ultimate_review	*	cpe:2.3:a:wpmet:wp_ultimate_review::::::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wp-ultimate-review",
    "product": "Wp Ultimate Review",
    "vendor": "Wpmet",
    "versions": [
      {
        "changes": [
          {
            "at": "2.3.0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.2.5",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-5-insecure-direct-object-references-idor-vulnerability?_s_id=cve