Lucene search

K
vulnrichmentPatchstackVULNRICHMENT:CVE-2024-37204
HistoryNov 01, 2024 - 2:18 p.m.

CVE-2024-37204 WordPress PropertyHive plugin <= 2.0.9 - Broken Access Control vulnerability

2024-11-0114:18:34
CWE-862
Patchstack
github.com
1
cve-2024
wordpress
propertyhive
broken access control
authorization vulnerability
security levels

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

0

Percentile

9.9%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

Missing Authorization vulnerability in PropertyHive PropertyHive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through 2.0.9.

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

0

Percentile

9.9%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

Related for VULNRICHMENT:CVE-2024-37204