History: Aug 01, 2024 - 9:15 p.m.

CVE-2024-38775

2024-08-01 21:15:28
CWE-269
Patchstack
web.nvd.nist.gov
27
webappick ctx feed
privilege escalation
vulnerability

CVSS3: 7.2

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS: 0
Percentile: 9.4%

Improper Privilege Management vulnerability in WebAppick CTX Feed allows Privilege Escalation. This issue affects CTX Feed: from n/a through 6.5.6.

Affected configurations

Vulners

Node: webappick woocommerce_product_feed, Range: 6.5.6, wordpress

Vendor: webappick
Product: woocommerce_product_feed
Version: *
CPE: cpe:2.3:a:webappick:woocommerce_product_feed:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "webappick-product-feed-for-woocommerce",
    "product": "CTX Feed",
    "vendor": "WebAppick",
    "versions": [
      {
        "changes": [
          {
            "at": "6.5.7",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "6.5.6",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]
