Lucene search
PatchstackCVELIST:CVE-2024-34800HistoryJun 10, 2024 - 3:41 p.m.
CVE-2024-34800 WordPress Crafthemes Demo Import plugin <= 3.3 - Arbitrary Plugin Installation vulnerability
2024-06-1015:41:19
CWE-306
Patchstack
www.cve.org
9
cve-2024-34800
wordpress
crafthemes demo import
arbitrary plugin installation
missing authentication
critical function
functionality misuse
CVSS3
7.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
EPSS
0
Percentile
9.0%
Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import allows Functionality Misuse.This issue affects Crafthemes Demo Import: from n/a through 3.3.
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "crafthemes-demo-import",
"product": "Crafthemes Demo Import",
"vendor": "Aruphash",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
vulnrichment
vulnrichment
wpvulndb
wpvulndb
nvd
nvd
CVE-2024-34800
2024-06-10 16:15:14
cve
cve
CVE-2024-34800
2024-06-10 16:15:14
wordfence
wordfence
CVSS3
7.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
EPSS
0
Percentile
9.0%
Related for CVELIST:CVE-2024-34800