nvd-json-data-feeds/CVE-2023/CVE-2023-441xx/CVE-2023-44150.json

{
  "id": "CVE-2023-44150",
  "sourceIdentifier": "audit@patchstack.com",
  "published": "2023-11-30T15:15:08.517",
  "lastModified": "2023-12-06T01:44:26.800",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress: from n/a through 4.13.2.\n\n"
    },
    {
      "lang": "es",
      "value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en el complemento de membres\u00eda paga del equipo de membres\u00eda de ProfilePress, comercio electr\u00f3nico, formulario de registro, formulario de inicio de sesi\u00f3n, perfil de usuario y contenido restringido: ProfilePress. Este problema afecta el complemento de membres\u00eda paga, el comercio electr\u00f3nico, el formulario de registro, el formulario de inicio de sesi\u00f3n y el perfil de usuario. & Restringir contenido \u2013 ProfilePress: desde n/a hasta 4.13.2."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      },
      {
        "source": "audit@patchstack.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    },
    {
      "source": "audit@patchstack.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:properfraction:profilepress:*:*:*:*:*:wordpress:*:*",
              "versionEndExcluding": "4.13.3",
              "matchCriteriaId": "F655930E-1F4F-48AE-B39F-11CBF939F817"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://patchstack.com/database/vulnerability/wp-user-avatar/wordpress-profilepress-plugin-4-13-2-sensitive-data-exposure-via-debug-log-vulnerability?_s_id=cve",
      "source": "audit@patchstack.com",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}