Lucene search

PatchstackCVELIST:CVE-2024-32509

HistoryApr 17, 2024 - 7:43 a.m.

CVE-2024-32509 WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.76 - Broken Access Control vulnerability

2024-04-1707:43:17

CWE-862

Patchstack

www.cve.org

wordpress

cost estimation

payment forms builder

broken access control

missing authorization

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

0.0004 Low

EPSS

Percentile

9.1%

JSON

Missing Authorization vulnerability in Loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.76.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "WP Cost Estimation & Payment Forms Builder",
    "vendor": "Loopus",
    "versions": [
      {
        "changes": [
          {
            "at": "10.1.77",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "10.1.76",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wp-estimation-form/wordpress-wp-cost-estimation-payment-forms-builder-plugin-10-1-76-broken-access-control-vulnerability?_s_id=cve

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-32509