Lucene search
PatchstackCVE-2024-27954HistoryMay 17, 2024 - 9:15 a.m.
CVE-2024-27954
2024-05-1709:15:26
CWE-22
Patchstack
web.nvd.nist.gov
634
cve-2024-27954
security problem
organization
individual
nvd
CVSS3
9.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
AI Score
6.7
Confidence
Low
EPSS
0.001
Percentile
21.4%
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic: from n/a through 3.92.0.
Affected configurations
Node
wp_automaticautomaticRange≤3.92.0wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wp_automatic | automatic | * | cpe:2.3:a:wp_automatic:automatic:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Automatic",
"vendor": "WP Automatic",
"versions": [
{
"changes": [
{
"at": "3.92.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.92.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
vulnrichment
vulnrichment
nvd
nvd
CVE-2024-27954
2024-05-17 09:15:26
cvelist
cvelist
wpvulndb
wpvulndb
nuclei
nuclei
WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF
2024-03-22 15:33:04
wordfence
wordfence
CVSS3
9.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
AI Score
6.7
Confidence
Low
EPSS
0.001
Percentile
21.4%
Related for CVE-2024-27954