Lucene search

PatchstackCVELIST:CVE-2024-31341

HistoryMay 17, 2024 - 8:19 a.m.

CVE-2024-31341 WordPress User Profile Builder plugin <= 3.11.2 - Bypass Vulnerability vulnerability

2024-05-1708:19:23

CWE-345

Patchstack

www.cve.org

cve-2024-31341

wordpress

profile builder

data authenticity

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.0004 Low

EPSS

Percentile

9.0%

JSON

Insufficient Verification of Data Authenticity vulnerability in Cozmoslabs Profile Builder allows Functionality Bypass.This issue affects Profile Builder: from n/a through 3.11.2.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "profile-builder",
    "product": "Profile Builder",
    "vendor": "Cozmoslabs",
    "versions": [
      {
        "changes": [
          {
            "at": "3.11.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.11.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/profile-builder/wordpress-user-profile-builder-plugin-3-11-2-bypass-vulnerability-vulnerability?_s_id=cve

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-31341