patchstack | Manab Jyoti Dowarah | PATCHSTACK:21AF3EA84EC545602C7F1D6293353676
Jul 01, 2024 - 12:00 a.m.

WordPress Noptin Plugin <= 3.4.2 is vulnerable to Broken Access Control

2024-07-01 00:00:00
Manab Jyoti Dowarah
patchstack.com
wordpress noptin plugin
vulnerable
broken access control
low severity
cve-2024-37456
unauthenticated

CVSS3: 5.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score: 6.3
Confidence: High
EPSS: 0
Percentile: 9.9%

Software: Noptin
Type: Plugin
Vulnerable versions: <= 3.4.2
Fixed in: 3.4.3
OWASP Top 10: A1: Broken Access Control
Classification: Broken Access Control
CVE: CVE-2024-37456
Patch priority: Low
CVSS severity: Low (5.3)
PSID: 11706a81609d
Credits: Manab Jyoti Dowarah
Required privilege: Unauthenticated
Published: 1 July, 2024


Solution

This security issue has a low severity impact and is unlikely to be exploited.

Affected configurations

Vulners

Node: noptin_newsletter noptin, Range: 3.4.2

Vendor | Product | Version | CPE
noptin_newsletter | noptin | * | cpe:2.3:a:noptin_newsletter:noptin:*:*:*:*:*:*:*:*
