admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-101xx/CVE-2024-10124.json
cad-safe-bot 5fc0b01395 Auto-Update: 2024-12-15T03:00:19.262894+00:00
2024-12-15 03:03:56 +00:00

80 lines
3.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-10124",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-12T06:15:20.100",
"lastModified": "2024-12-12T06:15:20.100",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Vayu Blocks \u2013 Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1."
},
{
"lang": "es",
"value": "El complemento Vayu Blocks \u2013 Gutenberg Blocks for WordPress & WooCommerce para WordPress es vulnerable a la instalaci\u00f3n y activaci\u00f3n arbitraria de complementos no autorizados debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n tp_install() en todas las versiones hasta la 1.1.1 incluida . Esto hace posible que atacantes no autenticados instalen y activen complementos arbitrarios que pueden aprovecharse para lograr la ejecuci\u00f3n remota de c\u00f3digo si se instala y activa otro complemento vulnerable. Esta vulnerabilidad fue parcialmente corregida en la versi\u00f3n 1.1.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/vayu-sites/app.php#L28",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/vayu-sites/app.php#L46",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/vayu-sites/core/class-installation.php#L29",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3173408/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3203532/vayu-blocks/tags/1.2.0/inc/vayu-sites/app.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/81e7ab80-7df2-4ef4-80ee-a11d057151c4?source=cve",
"source": "security@wordfence.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink