admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-09-17 18:45:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2025/CVE-2025-288xx/CVE-2025-28874.json
cad-safe-bot 7ab230f046 Auto-Update: 2025-03-16T03:00:19.723046+00:00
2025-03-16 03:03:50 +00:00

60 lines
2.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2025-28874",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-03-11T21:15:44.907",
"lastModified": "2025-03-11T21:15:44.907",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in shanebp BP Email Assign Templates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BP Email Assign Templates: from n/a through 1.6."
},
{
"lang": "es",
"value": "La vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n mediante clave controlada por el usuario en shanebp BP Email Assign Templates permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a las plantillas de asignaci\u00f3n de correo electr\u00f3nico de BP desde n/d hasta la versi\u00f3n 1.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/bp-email-assign-templates/vulnerability/wordpress-bp-email-assign-templates-by-shanebp-plugin-1-6-arbitrary-content-deletion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink