nvd-json-data-feeds/CVE-2024/CVE-2024-136xx/CVE-2024-13685.json

{
  "id": "CVE-2024-13685",
  "sourceIdentifier": "contact@wpscan.com",
  "published": "2025-03-04T06:15:27.240",
  "lastModified": "2025-03-04T15:15:18.760",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10."
    },
    {
      "lang": "es",
      "value": "El complemento Admin and Site Enhancements (ASE) de WordPress anterior a la versi\u00f3n 7.6.10 recupera direcciones IP de clientes de encabezados potencialmente no confiables, lo que permite a un atacante manipular su valor para eludir la funci\u00f3n de l\u00edmite de inicio de sesi\u00f3n en el complemento Admin and Site Enhancements (ASE) de WordPress anterior a la versi\u00f3n 7.6.10."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
      }
    ]
  },
  "references": [
    {
      "url": "https://wpscan.com/vulnerability/72c61904-253d-42d1-9edd-7ea2162a2f85/",
      "source": "contact@wpscan.com"
    }
  ]
}