Lucene search
PatchstackCVE-2024-32954HistoryApr 24, 2024 - 11:15 a.m.
CVE-2024-32954
2024-04-2411:15:48
CWE-434
Patchstack
web.nvd.nist.gov
42
cve-2024-32954
vulnerability
file upload
tribulant newsletters
nvd.
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
6.8
Confidence
Low
EPSS
0
Percentile
9.0%
Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.5.
Affected configurations
Node
tribulantnewslettersRange≤4.9.5wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| tribulant | newsletters | * | cpe:2.3:a:tribulant:newsletters:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "newsletters-lite",
"product": "Newsletters",
"vendor": "Tribulant",
"versions": [
{
"changes": [
{
"at": "4.9.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.9.5",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
vulnrichment
vulnrichment
nvd
nvd
CVE-2024-32954
2024-04-24 11:15:48
cvelist
cvelist
wpvulndb
wpvulndb
Newsletters < 4.9.6 - Authenticated (Admin+) Arbitrary File Upload
2024-04-29 00:00:00
wordfence
wordfence
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
6.8
Confidence
Low
EPSS
0
Percentile
9.0%
Related for CVE-2024-32954