ByteOS Network

Vulnerability Details :

CVE-2024-30507

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-29 Mar, 2024 | 14:15

Updated At-02 Aug, 2024 | 01:38

WordPress Molongui Authorship plugin <= 4.7.7 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Molongui.This issue affects Molongui: from n/a through 4.7.7.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:29 Mar, 2024 | 14:15

Updated At:02 Aug, 2024 | 01:38

▼CVE Numbering Authority (CNA)

WordPress Molongui Authorship plugin <= 4.7.7 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Molongui.This issue affects Molongui: from n/a through 4.7.7.

Affected Products

Vendor

Molongui

Product

Molongui

Collection URL

https://wordpress.org/plugins

Package Name

molongui-authorship

Default Status

unaffected

Versions

Affected

From n/a through 4.7.7 (custom)
- -> unaffectedfrom4.7.8

Problem Types

Type	CWE ID	Description
CWE	CWE-639	CWE-639 Authorization Bypass Through User-Controlled Key

Type: CWE

CWE ID: CWE-639

Description: CWE-639 Authorization Bypass Through User-Controlled Key

Metrics

Version	Base score	Base severity	Vector
3.1	2.7	LOW	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Version: 3.1

Base score: 2.7

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Solutions

Update to 4.7.8 or a higher version.

Credits

finder

CatFather (Patchstack Alliance)

References

Hyperlink	Resource
https://patchstack.com/database/vulnerability/molongui-authorship/wordpress-molongui-authorship-plugin-4-7-7-insecure-direct-object-references-idor-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/vulnerability/molongui-authorship/wordpress-molongui-authorship-plugin-4-7-7-insecure-direct-object-references-idor-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://patchstack.com/database/vulnerability/molongui-authorship/wordpress-molongui-authorship-plugin-4-7-7-insecure-direct-object-references-idor-vulnerability?_s_id=cve	vdb-entry x_transferred

Hyperlink: https://patchstack.com/database/vulnerability/molongui-authorship/wordpress-molongui-authorship-plugin-4-7-7-insecure-direct-object-references-idor-vulnerability?_s_id=cve

Resource:

vdb-entry

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:29 Mar, 2024 | 15:15

Updated At:01 Apr, 2024 | 01:12

Authorization Bypass Through User-Controlled Key vulnerability in Molongui.This issue affects Molongui: from n/a through 4.7.7.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	2.7	LOW	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 2.7

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Weaknesses

CWE ID	Type	Source
CWE-639	Secondary	audit@patchstack.com

CWE ID: CWE-639

Type: Secondary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/vulnerability/molongui-authorship/wordpress-molongui-authorship-plugin-4-7-7-insecure-direct-object-references-idor-vulnerability?_s_id=cve	audit@patchstack.com	N/A

Hyperlink: https://patchstack.com/database/vulnerability/molongui-authorship/wordpress-molongui-authorship-plugin-4-7-7-insecure-direct-object-references-idor-vulnerability?_s_id=cve

Source: audit@patchstack.com

Resource: N/A

Similar CVEs

3Records found

CVE-2024-10452

Matching Score-4

Assigner-Grafana Labs

View Details

Matching Score-4

Assigner-Grafana Labs

CVSS Score-2.2||LOW

EPSS-0.03% / 6.56%

7 Day CHG~0.00%

Published-29 Oct, 2024 | 15:16

Updated-08 Nov, 2024 | 17:59

Organization admins can delete pending invites created in an organization they are not part of.

Vendor-Grafana Labs

Product-grafana Grafana

CWE ID-CWE-639

Authorization Bypass Through User-Controlled Key

CVE-2023-41368

Matching Score-4

Assigner-SAP SE

View Details

Matching Score-4

Assigner-SAP SE

CVSS Score-2.7||LOW

EPSS-0.15% / 36.50%

7 Day CHG~0.00%

Published-12 Sep, 2023 | 01:59

Updated-26 Sep, 2024 | 16:04

Insecure Direct Object Reference (IDOR) vulnerability in S4 HANA (Manage checkbook apps)

The OData service of the S4 HANA (Manage checkbook apps) - versions 102, 103, 104, 105, 106, 107, allows an attacker to change the checkbook name by simulating an update OData call.

Vendor-SAP SE

Product-s\/4_hana S4 HANA ABAP (Manage checkbook apps)

CWE ID-CWE-639

Authorization Bypass Through User-Controlled Key

CVE-2021-36906

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-2.7||LOW

EPSS-0.07% / 22.16%

7 Day CHG~0.00%

Published-03 Nov, 2022 | 19:33

Updated-20 Feb, 2025 | 20:15

WordPress Quiz And Survey Master plugin <= 7.3.6 - Multiple Insecure direct object references (IDOR) vulnerabilities

Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress.

Vendor-expresstech ExpressTech

Product-quiz_and_survey_master Quiz And Survey Master (WordPress plugin)

CWE ID-CWE-639

Authorization Bypass Through User-Controlled Key

CVE-2024-30507

Credits

WordPress Molongui Authorship plugin <= 4.7.7 - Insecure Direct Object References (IDOR) vulnerability

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs