Lucene search

WPScanCVE-2024-6695

HistoryJul 31, 2024 - 6:15 a.m.

CVE-2024-6695

2024-07-3106:15:04

WPScan

web.nvd.nist.gov

attacker gaining access

improper logic flow

unauthorized actions

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

9.4%

JSON

it’s possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process.

Affected configurations

Vulners

Vulnrichment

Node

reflectionmediaprofile_builder_–_user_profile_\&_user_registration_formsRange<3.11.9wordpress

VendorProductVersionCPE
reflectionmediaprofile_builder_–_user_profile_\&_user_registration_forms*cpe:2.3:a:reflectionmedia:profile_builder_–_user_profile_\&_user_registration_forms:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
reflectionmedia	profile_builder_–_user_profile_\&_user_registration_forms	*	cpe:2.3:a:reflectionmedia:profile_builder_–_user_profile_\&_user_registration_forms::::::wordpress::*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "User Profile Builder",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "3.11.9"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

wpscan.com/vulnerability/4afa5c85-ce27-4ca7-bba2-61fb39c53a5b/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

9.4%

JSON

Related for CVE-2024-6695