CVE-2024-33636

2024-04-2909:15:08

CWE-862

[email protected]

web.nvd.nist.gov

missing authorization

mahesh vora

wp page post widget clone

vulnerability

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Missing Authorization vulnerability in Mahesh Vora WP Page Post Widget Clone.This issue affects WP Page Post Widget Clone: from n/a through 1.0.1.

Affected configurations

Vulners

Node

mahesh_vorawp_page_post_widget_cloneRange≤1.0.1

VendorProductVersionCPE
mahesh_vorawp_page_post_widget_clone*cpe:2.3:*:mahesh_vora:wp_page_post_widget_clone:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mahesh_vora	wp_page_post_widget_clone	*	cpe:2.3::mahesh_vora:wp_page_post_widget_clone::::::::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wp-page-post-widget-clone",
    "product": "WP Page Post Widget Clone",
    "vendor": "Mahesh Vora",
    "versions": [
      {
        "lessThanOrEqual": "1.0.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wp-page-post-widget-clone/wordpress-wp-page-post-widget-clone-plugin-1-0-1-broken-access-control-vulnerability?_s_id=cve