Lucene search

[email protected]NVD:CVE-2024-7836

HistoryAug 22, 2024 - 3:15 a.m.

CVE-2024-7836

2024-08-2203:15:04

CWE-863

[email protected]

web.nvd.nist.gov

themify builder

wordpress

unauthorized duplication

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

14.7%

JSON

The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicate_page_ajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate and view private or draft posts created by other users that otherwise shouldn’t be accessible to them.

Affected configurations

Nvd

Node

themifythemify_builderRange<7.6.2wordpress

VendorProductVersionCPE
themifythemify_builder*cpe:2.3:a:themify:themify_builder:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
themify	themify_builder	*	cpe:2.3:a:themify:themify_builder::::::wordpress::*

References

plugins.trac.wordpress.org/browser/themify-builder/tags/7.6.1/classes/class-builder-duplicate-page.php#L41

www.wordfence.com/threat-intel/vulnerabilities/id/31dfc46c-a673-41f1-b701-aa832f004ebc?source=cve

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

14.7%

JSON

Related for NVD:CVE-2024-7836

cvelist1 vulnrichment1 cve1 wordfence1