Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveWordfenceCVE-2024-4355
HistoryMay 30, 2024 - 9:15 a.m.

CVE-2024-4355

2024-05-3009:15:09
Wordfence
web.nvd.nist.gov
28
wordpress
block bad bots
vulnerability
unauthorized access
data exposure
nvd
cve-2024-4355

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0

Percentile

14.0%

JSON

The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the stopbadbots_get_ajax_data() function in all versions up to, and including, 10.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose visitor data.

Affected configurations

Vulners
Node
sminozziblock_bad_bots_and_stop_bad_bots_crawlers_and_spiders_and_anti_spam_protectionRange10.24wordpress
VendorProductVersionCPE
sminozziblock_bad_bots_and_stop_bad_bots_crawlers_and_spiders_and_anti_spam_protection*cpe:2.3:a:sminozzi:block_bad_bots_and_stop_bad_bots_crawlers_and_spiders_and_anti_spam_protection:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "vendor": "sminozzi",
    "product": "Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "10.24",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Related

wpvulndb 1
nvd 1
cvelist 1
vulnrichment 1
wordfence 1
wpvulndb
wpvulndb
Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection < 10.24 - Missing Authorization to Information Expsoure
2024-05-29 00:00:00
nvd
nvd
CVE-2024-4355
2024-05-30 09:15:09
cvelist
cvelist
CVE-2024-4355 Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 10.24 - Missing Authorization to Information Expsoure
2024-05-30 08:30:14
vulnrichment
vulnrichment
CVE-2024-4355 Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 10.24 - Missing Authorization to Information Expsoure
2024-05-30 08:30:14
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 27, 2024 to June 2, 2024)
2024-06-06 15:09:28

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0

Percentile

14.0%

JSON
Related for CVE-2024-4355
wpvulndb1nvd1cvelist1vulnrichment1wordfence1