Lucene search

K
cvelistWordfenceCVELIST:CVE-2024-1982
HistoryFeb 29, 2024 - 6:47 a.m.

CVE-2024-1982

2024-02-2906:47:56
Wordfence
www.cve.org
4
wpvivid plugin
wordpress
unauthorized access
sql injection
vulnerability
dos

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

AI Score

6.8

Confidence

High

EPSS

0

Percentile

15.5%

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated attackers to exploit a SQL injection vulnerability or trigger a DoS.

CNA Affected

[
  {
    "vendor": "wpvividplugins",
    "product": "Migration, Backup, Staging – WPvivid",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "0.9.68",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

AI Score

6.8

Confidence

High

EPSS

0

Percentile

15.5%

Related for CVELIST:CVE-2024-1982