Lucene search

K
cvelistPatchstackCVELIST:CVE-2024-33914
HistoryMay 03, 2024 - 8:36 a.m.

CVE-2024-33914 WordPress Exclusive Addons for Elementor plugin <= 2.6.9.1 - Broken Access Control on Post Duplication vulnerability

2024-05-0308:36:06
CWE-862
Patchstack
www.cve.org
cve-2024-33914
broken access control
post duplication
missing authorization
exclusive addons elementor

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Missing Authorization vulnerability in Exclusive Addons Exclusive Addons Elementor.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.1.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "exclusive-addons-for-elementor",
    "product": "Exclusive Addons Elementor",
    "vendor": "Exclusive Addons",
    "versions": [
      {
        "changes": [
          {
            "at": "2.6.9.2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.6.9.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for CVELIST:CVE-2024-33914