Lucene search

WordfenceVULNRICHMENT:CVE-2024-3607

HistoryMay 02, 2024 - 4:52 p.m.

CVE-2024-3607

2024-05-0216:52:44

Wordfence

github.com

propertyhive

wordpress

vulnerability

data loss

capability check

authenticated attackers

subscriber-level access

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

6.6

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

The PropertyHive plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_key_date() function in all versions up to, and including, 2.0.12. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts

References

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3075163%40propertyhive&new=3075163%40propertyhive&sfp_email=&sfph_mail=#file11

www.wordfence.com/threat-intel/vulnerabilities/id/d8d52ced-807b-48c0-bb7a-e40d143ae5d3?source=cve

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

6.6

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-3607