Lucene search

PatchstackVULNRICHMENT:CVE-2024-31095

HistoryMar 31, 2024 - 6:21 p.m.

CVE-2024-31095 WordPress Thumbs Rating plugin <= 5.1.0 - Insecure Direct Object References (IDOR) vulnerability

2024-03-3118:21:53

CWE-639

Patchstack

github.com

cve-2024-31095

wordpress

thumbs rating

insecure direct object references

authorization bypass

user-controlled key

ricard torres

AI Score

6.9

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Authorization Bypass Through User-Controlled Key vulnerability in Ricard Torres Thumbs Rating.This issue affects Thumbs Rating: from n/a through 5.1.0.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:richard_torres:thumbs_rating:*:*:*:*:*:*:*:*"
    ],
    "vendor": "richard_torres",
    "product": "thumbs_rating",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "5.1.0"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

patchstack.com/database/vulnerability/thumbs-rating/wordpress-thumbs-rating-plugin-5-1-0-insecure-direct-object-references-idor-vulnerability?_s_id=cve