Lucene search

PatchstackCVE-2024-43954

HistoryAug 29, 2024 - 4:15 p.m.

CVE-2024-43954

2024-08-2916:15:09

CWE-863

Patchstack

web.nvd.nist.gov

themeum droip

incorrect authorization

access control

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS

Percentile

14.0%

JSON

Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Droip: from n/a through 1.1.1.

Affected configurations

Nvd

Vulners

Node

themeumdroipRange≤1.1.1wordpress

VendorProductVersionCPE
themeumdroip*cpe:2.3:a:themeum:droip:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
themeum	droip	*	cpe:2.3:a:themeum:droip::::::wordpress::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Droip",
    "vendor": "Themeum",
    "versions": [
      {
        "lessThanOrEqual": "1.1.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/droip/wordpress-droip-plugin-1-1-1-subscriber-settings-change-data-exposure-vulnerability?_s_id=cve