Lucene search

[email protected]CVE-2024-25906

HistoryMay 17, 2024 - 9:15 a.m.

CVE-2024-25906

2024-05-1709:15:26

CWE-290

[email protected]

web.nvd.nist.gov

cve-2024-25906

authentication bypass

spoofing

wp happy coders

comments like dislike

functionality bypass

nvd

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Authentication Bypass by Spoofing vulnerability in WP Happy Coders Comments Like Dislike allows Functionality Bypass.This issue affects Comments Like Dislike: from n/a through 1.2.2.

Affected configurations

Vulners

Node

wp_happy_coderscomments_like_dislikeRange≤1.2.2

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "comments-like-dislike",
    "product": "Comments Like Dislike",
    "vendor": "WP Happy Coders",
    "versions": [
      {
        "changes": [
          {
            "at": "1.2.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.2.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/comments-like-dislike/wordpress-comments-like-dislike-plugin-1-2-1-ip-restriction-bypass-vulnerability-vulnerability?_s_id=cve

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-25906

cvelist1 nvd1 wordfence1