cve-2024-6750
Vulnerability from cvelistv5
Published
2024-07-24 02:33
Modified
2024-08-01 21:41
Severity
Summary
Social Auto Poster <= 5.3.14 - Missing Authorization via Multiple Functions
References
Impacted products
| Vendor | Product |
|---|---|
| WPWeb | Social Auto Poster |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6750",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T20:39:54.922397Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T20:40:10.245Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:04.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36b58a4f-0761-4775-9010-9c77d4019c44?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Social Auto Poster",
"vendor": "WPWeb",
"versions": [
{
"lessThanOrEqual": "5.3.14",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T02:33:55.116Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36b58a4f-0761-4775-9010-9c77d4019c44?source=cve"
},
{
"url": "https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-15T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-07-15T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-07-23T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Social Auto Poster \u003c= 5.3.14 - Missing Authorization via Multiple Functions"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-6750",
"datePublished": "2024-07-24T02:33:55.116Z",
"dateReserved": "2024-07-15T13:00:22.715Z",
"dateUpdated": "2024-08-01T21:41:04.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-6750\",\"sourceIdentifier\":\"security@wordfence.com\",\"published\":\"2024-07-24T03:15:03.477\",\"lastModified\":\"2024-09-03T21:40:22.460\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options.\"},{\"lang\":\"es\",\"value\":\"El complemento Social Auto Poster para WordPress es vulnerable al acceso no autorizado, modificaci\u00f3n y p\u00e9rdida de datos debido a una falta de verificaci\u00f3n de capacidad en m\u00faltiples funciones en todas las versiones hasta la 5.3.14 incluida. Esto hace posible que atacantes no autenticados agreguen, modifiquen o eliminen opciones de complementos y metadatos de publicaciones.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"security@wordfence.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]},{\"source\":\"security@wordfence.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wpwebinfotech:social_auto_poster:*:*:*:*:*:wordpress:*:*\",\"versionEndExcluding\":\"5.3.15\",\"matchCriteriaId\":\"52D98036-BC8E-43E0-A6E3-5546B9891892\"}]}]}],\"references\":[{\"url\":\"https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169\",\"source\":\"security@wordfence.com\",\"tags\":[\"Product\"]},{\"url\":\"https://www.wordfence.com/threat-intel/vulnerabilities/id/36b58a4f-0761-4775-9010-9c77d4019c44?source=cve\",\"source\":\"security@wordfence.com\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Loading...