CVE-2024-5570 - OpenCVE

The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them

CVSS

No CVSS.

Vendors & Products
CPE Configurations

No data.

References

No reference.

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2024-06-28T06:00:03.518Z

Updated: 2024-07-08T20:41:08.852Z

Reserved: 2024-05-31T18:22:56.272Z

Link: CVE-2024-5570

JSON object: View

NVD Information

No data.

Redhat Information

No data.

CWE

No CWE.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5570", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2024-05-31T18:22:56.272Z", "datePublished": "2024-06-28T06:00:03.518Z", "dateUpdated": "2024-07-08T20:41:08.852Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-06-28T06:00:03.518Z"}, "title": "Simple Photoswipe <= 0.1 - Subscriber+ Arbitrary Settings Update", "problemTypes": [{"descriptions": [{"description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Simple Photoswipe", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThanOrEqual": "0.1"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them"}], "references": [{"url": "https://wpscan.com/vulnerability/49b3a8cb-f606-4cf7-80ec-bfdafd74e848/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Felipe Caon", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"affected": [{"vendor": "tobias_cichon", "product": "simple_photoswipe", "cpes": ["cpe:2.3:a:tobias_cichon:simple_photoswipe:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "0.1", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-28T17:47:05.288171Z", "id": "CVE-2024-5570", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T20:41:08.852Z"}}]}}