CVE-2024-32777

2024-06-0913:15:49

CWE-862

[email protected]

web.nvd.nist.gov

authorization

vulnerability

bizswoop

cpf concepts

llc

bizprint

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Missing Authorization vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint.This issue affects BizPrint: from n/a through 4.3.39.

Affected configurations

Vulners

Node

bizswoop_a_cpf_concepts\,_llc_brandbizprintRange≤4.3.39

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "print-google-cloud-print-gcp-woocommerce",
    "product": "BizPrint",
    "vendor": "BizSwoop a CPF Concepts, LLC Brand",
    "versions": [
      {
        "changes": [
          {
            "at": "4.5.4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "4.3.39",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/print-google-cloud-print-gcp-woocommerce/wordpress-bizprint-plugin-4-3-39-broken-access-control-vulnerability?_s_id=cve