Search criteria
2 vulnerabilities found for Replace Image by aspengrovestudios
CVE-2024-4873 (GCVE-0-2024-4873)
Vulnerability from cvelistv5 – Published: 2024-06-19 03:12 – Updated: 2024-08-01 20:55
VLAI?
Title
Replace Image <= 1.1.10 - Insecure Direct Object Reference
Summary
The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.10 via the image replacement functionality due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to replace images uploaded by higher level users such as admins.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| aspengrovestudios | Replace Image |
Affected:
* , ≤ 1.1.10
(semver)
|
Credits
Jin Hao Chan
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4873",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T15:27:33.168935Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T15:27:48.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:55:09.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a5d3a62-f7e5-4776-bed9-7ff3f81da452?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/replace-image/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Replace Image",
"vendor": "aspengrovestudios",
"versions": [
{
"lessThanOrEqual": "1.1.10",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jin Hao Chan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.10 via the image replacement functionality due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to replace images uploaded by higher level users such as admins."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284 Improper Access Control",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-19T03:12:30.152Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a5d3a62-f7e5-4776-bed9-7ff3f81da452?source=cve"
},
{
"url": "https://wordpress.org/plugins/replace-image/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-18T14:34:48.000+00:00",
"value": "Disclosed"
}
],
"title": "Replace Image \u003c= 1.1.10 - Insecure Direct Object Reference"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-4873",
"datePublished": "2024-06-19T03:12:30.152Z",
"dateReserved": "2024-05-14T14:45:47.037Z",
"dateUpdated": "2024-08-01T20:55:09.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4873 (GCVE-0-2024-4873)
Vulnerability from nvd – Published: 2024-06-19 03:12 – Updated: 2024-08-01 20:55
VLAI?
Title
Replace Image <= 1.1.10 - Insecure Direct Object Reference
Summary
The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.10 via the image replacement functionality due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to replace images uploaded by higher level users such as admins.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| aspengrovestudios | Replace Image |
Affected:
* , ≤ 1.1.10
(semver)
|
Credits
Jin Hao Chan
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4873",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T15:27:33.168935Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T15:27:48.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:55:09.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a5d3a62-f7e5-4776-bed9-7ff3f81da452?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/replace-image/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Replace Image",
"vendor": "aspengrovestudios",
"versions": [
{
"lessThanOrEqual": "1.1.10",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jin Hao Chan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.10 via the image replacement functionality due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to replace images uploaded by higher level users such as admins."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284 Improper Access Control",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-19T03:12:30.152Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a5d3a62-f7e5-4776-bed9-7ff3f81da452?source=cve"
},
{
"url": "https://wordpress.org/plugins/replace-image/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-18T14:34:48.000+00:00",
"value": "Disclosed"
}
],
"title": "Replace Image \u003c= 1.1.10 - Insecure Direct Object Reference"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-4873",
"datePublished": "2024-06-19T03:12:30.152Z",
"dateReserved": "2024-05-14T14:45:47.037Z",
"dateUpdated": "2024-08-01T20:55:09.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}