Lucene search

PatchstackCVE-2024-30480

HistoryMay 17, 2024 - 9:15 a.m.

CVE-2024-30480

2024-05-1709:15:28

CWE-290

Patchstack

web.nvd.nist.gov

cve-2024-30480

spoofing

cgc maintenance mode

functionality bypass

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

Percentile

9.0%

JSON

Authentication Bypass by Spoofing vulnerability in Pippin Williamson CGC Maintenance Mode allows Functionality Bypass.This issue affects CGC Maintenance Mode: from n/a through 1.2.

Affected configurations

Vulners

Vulnrichment

Node

pippin_williamsoncgc_maintenance_modeRange≤1.2wordpress

VendorProductVersionCPE
pippin_williamsoncgc_maintenance_mode*cpe:2.3:a:pippin_williamson:cgc_maintenance_mode:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
pippin_williamson	cgc_maintenance_mode	*	cpe:2.3:a:pippin_williamson:cgc_maintenance_mode::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "cgc-maintenance-mode",
    "product": "CGC Maintenance Mode",
    "vendor": "Pippin Williamson",
    "versions": [
      {
        "lessThanOrEqual": "1.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/cgc-maintenance-mode/wordpress-cgc-maintenance-mode-plugin-1-2-ip-filtering-bypass-vulnerability?_s_id=cve

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-30480