Lucene search

WordfenceVULNRICHMENT:CVE-2024-2476

HistoryMar 29, 2024 - 6:44 a.m.

CVE-2024-2476

2024-03-2906:44:00

Wordfence

github.com

wordpress

oceanwp

vulnerability

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.1

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose sensitive information such as system/environment data and API keys.

CNA Affected

[
  {
    "vendor": "oceanwp",
    "product": "OceanWP",
    "versions": [
      {
        "status": "affected",
        "version": "*",
        "versionType": "semver",
        "lessThanOrEqual": "3.5.4"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=222387%40oceanwp&new=222387%40oceanwp&sfp_email=&sfph_mail=

www.wordfence.com/threat-intel/vulnerabilities/id/5ec2743d-0d96-4056-8fdf-dc81d4e9b76f?source=cve

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.1

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-2476