Lucene search

[email protected]NVD:CVE-2024-34444

HistoryJun 19, 2024 - 3:15 p.m.

CVE-2024-34444

2024-06-1915:15:59

CWE-862

[email protected]

web.nvd.nist.gov

cve-2024-34444

themepunch ohg

slider revolution

authorization vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.5%

JSON

Missing Authorization vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a before 6.7.0.

Affected configurations

Nvd

Node

themepunchslider_revolutionRange<6.7.0wordpress

VendorProductVersionCPE
themepunchslider_revolution*cpe:2.3:a:themepunch:slider_revolution:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
themepunch	slider_revolution	*	cpe:2.3:a:themepunch:slider_revolution::::::wordpress::*

References

patchstack.com/articles/unauthenticated-xss-vulnerability-patched-in-slider-revolution-plugin?_s_id=cve

patchstack.com/database/vulnerability/revslider/wordpress-slider-revolution-plugin-6-7-0-unauthenticated-broken-access-control-vulnerability?_s_id=cve

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.5%

JSON

Related for NVD:CVE-2024-34444

wpvulndb1 cvelist1 cve1 vulnrichment1 wordfence1