admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-01 19:21:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-126xx/CVE-2024-12617.json
cad-safe-bot 2ffe26a616 Auto-Update: 2024-12-29T03:00:19.366387+00:00
2024-12-29 03:03:44 +00:00

64 lines
2.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-12617",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-24T05:15:07.013",
"lastModified": "2024-12-24T05:15:07.013",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WC Price History for Omnibus plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view and modify history data."
},
{
"lang": "es",
"value": "El complemento WC Price History para Omnibus para WordPress es vulnerable al acceso no autorizado debido a una falta de verificaci\u00f3n de capacidad en varias acciones AJAX en todas las versiones hasta la 2.1.3 incluida. Esto hace posible que los atacantes autenticados, con acceso de nivel de suscriptor y superior, vean y modifiquen los datos del historial."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3209687%40wc-price-history&new=3209687%40wc-price-history&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b380b053-9847-48a8-ba12-d07db9df2baf?source=cve",
"source": "security@wordfence.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink