Lucene search

K
patchstackLucio SรกPATCHSTACK:2D5BE296CF3DBADAF7C5B4931410B297
HistoryMar 22, 2024 - 12:00 a.m.

WordPress 360 Javascript Viewer Plugin <= 1.7.12 is vulnerable to Broken Access Control

2024-03-2200:00:00
Lucio Sรก
patchstack.com
1
javascript viewer
broken access control
vulnerable version
fixed version
owasp top 10
cve-2024-1637
low priority

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

6.9

Confidence

Low

Software

360 Javascript Viewer

Type

Plugin

Vulnerable versions

<= 1.7.12

Fixed in

1.7.13

OWASP Top 10

A5: Broken Access Control

Classification

Broken Access Control

CVE

CVE-2024-1637

Patch priority

Low

CVSS severity

Low (4.3)

Developer

Claim ownership

PSID

bcec8398ba12

Credits

Lucio Sรก

Required privilege

Subscriber

Published

22 March, 2024

Vulnerability details

Remove and replace plugin Expand full details Have additional information or questions about this entry? Let us know.

Solution

This security issue has a low severity impact and is unlikely to be exploited.

Affected configurations

Vulners
Node
360_javascript_viewer360_javascript_viewerRangeโ‰ค1.7.12
VendorProductVersionCPE
360_javascript_viewer360_javascript_viewer*cpe:2.3:a:360_javascript_viewer:360_javascript_viewer:*:*:*:*:*:*:*:*

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

6.9

Confidence

Low

Related for PATCHSTACK:2D5BE296CF3DBADAF7C5B4931410B297