CVE-2024-6120 - OpenCVE

The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and including 1.4.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all posts, pages, and uploaded files, as well as download and install a limited set of demo plugins.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Wpneuron	Sparkle Demo Importer

Configuration 1 [-]

cpe:2.3:a:wpneuron:sparkle_demo_importer:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L446	Product
https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L469	Product
https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L497	Product
https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L519	Product
https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L541	Product
https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L570	Product
https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L595	Product
https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L627	Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/8f411d17-5b0d-4a4a-afa8-7efebf6965f2?source=cve	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-06-21T23:33:48.423Z

Updated: 2024-07-06T03:10:11.691Z

Reserved: 2024-06-18T11:26:18.203Z

Link: CVE-2024-6120

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-06-22T00:15:09.690

Modified: 2024-06-24T20:03:04.363

Link: CVE-2024-6120

JSON object: View

Redhat Information

No data.

CWE

CWE-862

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6120", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-06-18T11:26:18.203Z", "datePublished": "2024-06-21T23:33:48.423Z", "dateUpdated": "2024-07-06T03:10:11.691Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-06-21T23:33:48.423Z"}, "affected": [{"vendor": "sparklewpthemes", "product": "Sparkle Demo Importer", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "1.4.7", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and including 1.4.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all posts, pages, and uploaded files, as well as download and install a limited set of demo plugins."}], "title": "Sparkle Demo Importer <= 1.4.7 - Missing Authorization to Authorized(Subscriber+) Post/Pages/Attachements Deletion and Demo Data Import", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f411d17-5b0d-4a4a-afa8-7efebf6965f2?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L446"}, {"url": "https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L469"}, {"url": "https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L497"}, {"url": "https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L519"}, {"url": "https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L595"}, {"url": "https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L570"}, {"url": "https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L627"}, {"url": "https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L541"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Lucio S\u00e1"}], "timeline": [{"time": "2024-05-30T00:00:00.000+00:00", "lang": "en", "value": "Discovered"}, {"time": "2024-06-21T11:04:07.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-06T03:09:35.333336Z", "id": "CVE-2024-6120", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-06T03:10:11.691Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wpneuron:sparkle_demo_importer:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "564B65B3-F58C-4F74-B7FF-5BC0FDFE5EAF", "versionEndExcluding": "1.4.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and including 1.4.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all posts, pages, and uploaded files, as well as download and install a limited set of demo plugins."}, {"lang": "es", "value": "El complemento Sparkle Demo Importer para WordPress es vulnerable al restablecimiento no autorizado de la base de datos y a la importaci\u00f3n de datos de demostraci\u00f3n debido a una falta de verificaci\u00f3n de capacidad en las m\u00faltiples funciones en todas las versiones hasta la 1.4.7 incluida. Esto hace posible que los atacantes autenticados, con acceso de nivel de suscriptor y superior, eliminen todas las publicaciones, p\u00e1ginas y archivos cargados, as\u00ed como tambi\u00e9n descarguen e instalen un conjunto limitado de complementos de demostraci\u00f3n."}], "id": "CVE-2024-6120", "lastModified": "2024-06-24T20:03:04.363", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2024-06-22T00:15:09.690", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L446"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L469"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L497"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L519"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L541"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L570"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L595"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L627"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f411d17-5b0d-4a4a-afa8-7efebf6965f2?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}