CVE-2024-35670 WordPress Integrate Google Drive plugin <= 1.3.93 - Broken Access Control vulnerability

2024-06-0419:06:31

Patchstack

www.cve.org

cve-2024-35670

wordpress

google drive plugin

broken access control

broken authentication

softlab

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

39.1%

JSON

Broken Authentication vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.93.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "integrate-google-drive",
    "product": "Integrate Google Drive",
    "vendor": "SoftLab",
    "versions": [
      {
        "changes": [
          {
            "at": "1.3.94",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.3.93",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/integrate-google-drive/wordpress-integrate-google-drive-plugin-1-3-93-broken-access-control-vulnerability?_s_id=cve