Lucene search

K
cvelistPatchstackCVELIST:CVE-2024-32808
HistoryApr 24, 2024 - 10:18 a.m.

CVE-2024-32808 WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object Reference (IDOR) vulnerability

2024-04-2410:18:16
CWE-639
Patchstack
www.cve.org
wordpress
profilegrid
authorization bypass
insecure direct object reference

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "profilegrid-user-profiles-groups-and-communities",
    "product": "ProfileGrid ",
    "vendor": "Metagauss",
    "versions": [
      {
        "changes": [
          {
            "at": "5.8.0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "5.7.9",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for CVELIST:CVE-2024-32808