Lucene search

K
patchstackSteven JulianPATCHSTACK:F80B598F4832BA676E470257A730716B
HistoryJun 03, 2024 - 12:00 a.m.

WordPress Integrate Google Drive Plugin <= 1.3.93 is vulnerable to Broken Authentication

2024-06-0300:00:00
Steven Julian
patchstack.com
1
wordpress
google drive
plugin
vulnerability
broken authentication
cve-2024-35670
owasp top 10

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

Software

Integrate Google Drive

Type

Plugin

Vulnerable versions

<= 1.3.93

Fixed in

1.3.94

OWASP Top 10

A1: Broken Access Control

Classification

Broken Authentication

CVE

CVE-2024-35670

Patch priority

Medium

CVSS severity

Medium (5.3)

Developer

Claim ownership

PSID

835640f5a722

Credits

Steven Julian Steven Julian

Required privilege

Unauthenticated

Published

3 June, 2024

Remove and replace plugin Expand full details Have additional information or questions about this entry? Let us know.

Solution

We advise to mitigate or resolve the vulnerability immediately.

Affected configurations

Vulners
Node
softlabintegrate_google_driveRange1.3.93wordpress
VendorProductVersionCPE
softlabintegrate_google_drive*cpe:2.3:a:softlab:integrate_google_drive:*:*:*:*:*:wordpress:*:*

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

Related for PATCHSTACK:F80B598F4832BA676E470257A730716B