Lucene search

K
vulnrichmentPatchstackVULNRICHMENT:CVE-2024-52438
HistoryNov 20, 2024 - 11:59 a.m.

CVE-2024-52438 WordPress de:branding plugin <= 1.0.2 - Privilege Escalation vulnerability

2024-11-2011:59:17
CWE-306
Patchstack
github.com
1
wordpress
branding plugin
privilege escalation

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0

Percentile

10.3%

SSVC

Exploitation

poc

Automatable

no

Technical Impact

total

Missing Authentication for Critical Function vulnerability in deco.Agency de:branding allows Privilege Escalation.This issue affects de:branding: from n/a through 1.0.2.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:deco.agency:de.branding:*:*:*:*:*:*:*:*"
    ],
    "vendor": "deco.agency",
    "product": "de.branding",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "1.0.2"
      }
    ],
    "defaultStatus": "unknown"
  }
]

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0

Percentile

10.3%

SSVC

Exploitation

poc

Automatable

no

Technical Impact

total

Related for VULNRICHMENT:CVE-2024-52438