patchstack | Dhabaleshwar Das | PATCHSTACK:8E8153CC5EAC4939FC1B49D00A10A4D7
Apr 22, 2024 - 12:00 a.m.

WordPress ShortPixel Critical CSS Plugin <= 1.0.2 is vulnerable to Broken Access Control

2024-04-22 00:00:00
Dhabaleshwar Das
patchstack.com
Tags: wordpress, shortpixel, critical css, plugin, vulnerable, broken access control, patch, cve-2024-32810, high, developer, subscriber, 22 april 2024

CVSS3: 7.6

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

AI Score: 6.5
Confidence: High

Software: ShortPixel Critical CSS
Type: Plugin
Vulnerable versions: <= 1.0.2
Fixed in: 1.0.3
OWASP Top 10: A1: Broken Access Control
Classification: Broken Access Control
CVE: CVE-2024-32810
Patch priority: High
CVSS severity: High (7.6)
Developer: ShortPixel
PSID: b4665651b428
Credits: Dhabaleshwar Das
Required privilege: Subscriber
Published: 22 April, 2024

Remove and replace plugin

Solution

We advise mitigating or resolving the vulnerability immediately.

Affected configurations

Vulners
Node: shortpixel shortpixel_critical_css, Range 1.0.2

Vendor | Product | Version | CPE
shortpixel | shortpixel_critical_css | * | cpe:2.3:a:shortpixel:shortpixel_critical_css:*:*:*:*:*:*:*:*
