ByteOS Network

Vulnerability Details :

CVE-2024-3237

Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599

Published At-04 May, 2024 | 03:31

Updated At-01 Aug, 2024 | 20:05

The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to true.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Wordfence

Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599

Published At:04 May, 2024 | 03:31

Updated At:01 Aug, 2024 | 20:05

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

Brainstorm Force

Product

ConvertPlug

Default Status

unaffected

Versions

Affected

From * through 3.5.25 (semver)

Problem Types

Type	CWE ID	Description
N/A	N/A	CWE-862 Missing Authorization

Type: N/A

CWE ID: N/A

Description: CWE-862 Missing Authorization

Metrics

Version	Base score	Base severity	Vector
3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Version: 3.1

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Credits

finder

Mohamed Awad

Timeline

Event	Date
Disclosed	2024-05-03 00:00:00

Event: Disclosed

Date: 2024-05-03 00:00:00

References

Hyperlink	Resource
https://www.wordfence.com/threat-intel/vulnerabilities/id/0cd72420-dca1-455d-92a6-a178b4b26eab?source=cve	N/A
https://www.convertplug.com/plus/product/convertplug/	N/A

Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/0cd72420-dca1-455d-92a6-a178b4b26eab?source=cve

Resource: N/A

Hyperlink: https://www.convertplug.com/plus/product/convertplug/

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://www.wordfence.com/threat-intel/vulnerabilities/id/0cd72420-dca1-455d-92a6-a178b4b26eab?source=cve	x_transferred
https://www.convertplug.com/plus/product/convertplug/	x_transferred

Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/0cd72420-dca1-455d-92a6-a178b4b26eab?source=cve

Resource:

x_transferred

Hyperlink: https://www.convertplug.com/plus/product/convertplug/

Resource:

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:security@wordfence.com

Published At:04 May, 2024 | 04:15

Updated At:06 May, 2024 | 12:44

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Type: Primary

Version: 3.1

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

References

Hyperlink	Source	Resource
https://www.convertplug.com/plus/product/convertplug/	security@wordfence.com	N/A
https://www.wordfence.com/threat-intel/vulnerabilities/id/0cd72420-dca1-455d-92a6-a178b4b26eab?source=cve	security@wordfence.com	N/A