CVE-2024-34383 - OpenCVE

Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress SEOPress.This issue affects SEOPress: from n/a through 7.7.1.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://patchstack.com/database/vulnerability/wp-seopress/wordpress-seopress-plugin-7-6-1-sensitive-data-exposure-vulnerability?_s_id=cve

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-05-06T17:54:52.233Z

Updated: 2024-06-04T17:40:59.027Z

Reserved: 2024-05-02T11:32:47.761Z

Link: CVE-2024-34383

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-05-06T18:15:08.603

Modified: 2024-05-09T14:15:07.317

Link: CVE-2024-34383

JSON object: View

Redhat Information

No data.

CWE

CWE-639

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-34383", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-05-02T11:32:47.761Z", "datePublished": "2024-05-06T17:54:52.233Z", "dateUpdated": "2024-06-04T17:40:59.027Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wp-seopress", "product": "SEOPress", "vendor": "The SEO Guys at SEOPress", "versions": [{"changes": [{"at": "7.7.2", "status": "unaffected"}], "lessThanOrEqual": "7.7.1", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Peng Zhou (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress SEOPress.<p>This issue affects SEOPress: from n/a through 7.7.1.</p>"}], "value": "Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress SEOPress.This issue affects SEOPress: from n/a through 7.7.1.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-05-10T09:46:57.056Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/wp-seopress/wordpress-seopress-plugin-7-6-1-sensitive-data-exposure-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 7.7.2 or a higher version."}], "value": "Update to\u00a07.7.2 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress SEOPress plugin <= 7.7.1 - Sensitive Data Exposure vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34383", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-13T20:13:54.072069Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:40:59.027Z"}}]}}