Lucene search
PatchstackCVE-2024-37228HistoryJun 24, 2024 - 1:15 p.m.
CVE-2024-37228
2024-06-2413:15:10
CWE-94
Patchstack
web.nvd.nist.gov
29
cve-2024-37228
code injection
instawp connect
CVSS3
10
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
9.7
Confidence
High
EPSS
0
Percentile
9.1%
Improper Control of Generation of Code (‘Code Injection’) vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.38.
Affected configurations
Node
instawp_teaminstawp_connectRange≤0.1.0.38wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| instawp_team | instawp_connect | * | cpe:2.3:a:instawp_team:instawp_connect:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "instawp-connect",
"product": "InstaWP Connect",
"vendor": "InstaWP Team",
"versions": [
{
"changes": [
{
"at": "0.1.0.39",
"status": "unaffected"
}
],
"lessThanOrEqual": "0.1.0.38",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
vulnrichment
vulnrichment
cvelist
cvelist
nvd
nvd
CVE-2024-37228
2024-06-24 13:15:10
wordfence
wordfence
CVSS3
10
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
9.7
Confidence
High
EPSS
0
Percentile
9.1%
Related for CVE-2024-37228