CVE-2024-5570

2024-06-28 06:15:06
WPScan
web.nvd.nist.gov
Tags: photoswipe, wordpress, vulnerability, authorisation check, settings, update, authenticated users, subscriber

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score: 6.3
Confidence: High

EPSS: 0
Percentile: 9.1%

The Simple Photoswipe WordPress plugin through 0.1 does not have an authorisation check when updating its settings, which could allow any authenticated user, such as a subscriber, to update them.

Affected configurations

Node: simple_photoswipe
Range: 0.1
Platform: wordpress

Vendor: *
Product: simple_photoswipe
Version: *
CPE: cpe:2.3:a:*:simple_photoswipe:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Simple Photoswipe",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "0.1"
      }
    ],
    "defaultStatus": "affected"
  }
]
