admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-111xx/CVE-2024-11197.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

64 lines
2.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-11197",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-21T11:15:24.060",
"lastModified": "2024-11-21T13:57:24.187",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Lock User Account plugin for WordPress is vulnerable to user lock bypass in all versions up to, and including, 1.0.5. This is due to permitting application password logins when user accounts are locked. This makes it possible for authenticated attackers, with existing application passwords, to interact with the vulnerable site via an API such as XML-RPC or REST despite their account being locked."
},
{
"lang": "es",
"value": "El complemento Lock User Account para WordPress es vulnerable a la omisi\u00f3n del bloqueo de usuarios en todas las versiones hasta la 1.0.5 incluida. Esto se debe a que permite iniciar sesi\u00f3n con contrase\u00f1a de la aplicaci\u00f3n cuando las cuentas de usuario est\u00e1n bloqueadas. Esto hace posible que los atacantes autenticados, con contrase\u00f1as de aplicaci\u00f3n existentes, interact\u00faen con el sitio vulnerable a trav\u00e9s de una API como XML-RPC o REST a pesar de que su cuenta est\u00e9 bloqueada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
],
"references": [
{
"url": "https://wordpress.org/plugins/lock-user-account/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/63374c5c-0b0a-4091-9aee-2e6c1d17a1b2?source=cve",
"source": "security@wordfence.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink