Lucene search

[email protected]CVE-2024-33652

HistoryApr 29, 2024 - 8:15 a.m.

CVE-2024-33652

2024-04-2908:15:08

CWE-862

[email protected]

web.nvd.nist.gov

authorization

vulnerability

real big plugins

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Missing Authorization vulnerability in Real Big Plugins Client Dash.This issue affects Client Dash: from n/a through 2.2.1.

Affected configurations

Vulners

Node

real_big_pluginsclient_dashRange≤2.2.1

VendorProductVersionCPE
real_big_pluginsclient_dash*cpe:2.3:*:real_big_plugins:client_dash:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
real_big_plugins	client_dash	*	cpe:2.3::real_big_plugins:client_dash::::::::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "client-dash",
    "product": "Client Dash",
    "vendor": "Real Big Plugins",
    "versions": [
      {
        "lessThanOrEqual": "2.2.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/client-dash/wordpress-client-dash-plugin-2-2-1-broken-access-control-vulnerability?_s_id=cve

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-33652

wpvulndb1 cvelist1 nvd1 wordfence1