nvd-json-data-feeds/CVE-2024/CVE-2024-138xx/CVE-2024-13887.json

{
  "id": "CVE-2024-13887",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2025-03-13T04:15:18.680",
  "lastModified": "2025-03-13T04:15:18.680",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Business Directory Plugin \u2013 Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajax_listing_submit_image_upload' function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to add arbitrary images to listings."
    },
    {
      "lang": "es",
      "value": "El complemento Business Directory Plugin \u2013 Easy Listing Directories for WordPress para WordPress es vulnerable a una Referencia Directa a Objetos Insegura en todas las versiones hasta la 6.4.14 incluida, a trav\u00e9s de la funci\u00f3n 'ajax_listing_submit_image_upload', debido a la falta de validaci\u00f3n en una clave controlada por el usuario. Esto permite que atacantes no autenticados a\u00f1adan im\u00e1genes arbitrarias a los listados."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@wordfence.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-639"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/changeset/3249927/business-directory-plugin/trunk/includes/class-wpbdp.php",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/06c3de6d-92e7-46f8-86a9-37f027767fc0?source=cve",
      "source": "security@wordfence.com"
    }
  ]
}
Auto-Update: 2025-03-13T05:00:19.654980+00:00 2025-03-13 05:03:49 +00:00			`{`
			`"id": "CVE-2024-13887",`
			`"sourceIdentifier": "security@wordfence.com",`
			`"published": "2025-03-13T04:15:18.680",`
			`"lastModified": "2025-03-13T04:15:18.680",`
			`"vulnStatus": "Received",`
			`"cveTags": [],`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "The Business Directory Plugin \u2013 Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajax_listing_submit_image_upload' function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to add arbitrary images to listings."`
Auto-Update: 2025-03-16T03:00:19.723046+00:00 2025-03-16 03:03:50 +00:00			`},`
			`{`
			`"lang": "es",`
			`"value": "El complemento Business Directory Plugin \u2013 Easy Listing Directories for WordPress para WordPress es vulnerable a una Referencia Directa a Objetos Insegura en todas las versiones hasta la 6.4.14 incluida, a trav\u00e9s de la funci\u00f3n 'ajax_listing_submit_image_upload', debido a la falta de validaci\u00f3n en una clave controlada por el usuario. Esto permite que atacantes no autenticados a\u00f1adan im\u00e1genes arbitrarias a los listados."`
Auto-Update: 2025-03-13T05:00:19.654980+00:00 2025-03-13 05:03:49 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "security@wordfence.com",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",`
			`"baseScore": 5.3,`
			`"baseSeverity": "MEDIUM",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "LOW",`
			`"availabilityImpact": "NONE"`
			`},`
			`"exploitabilityScore": 3.9,`
			`"impactScore": 1.4`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "security@wordfence.com",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-639"`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://plugins.trac.wordpress.org/changeset/3249927/business-directory-plugin/trunk/includes/class-wpbdp.php",`
			`"source": "security@wordfence.com"`
			`},`
			`{`
			`"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/06c3de6d-92e7-46f8-86a9-37f027767fc0?source=cve",`
			`"source": "security@wordfence.com"`
			`}`
			`]`
			`}`