Lucene search

PatchstackCVELIST:CVE-2024-25917

HistoryApr 25, 2024 - 8:39 a.m.

CVE-2024-25917 WordPress WP Setup Wizard plugin <= 1.0.8.1 - Auth. Full Database Download Vulnerability

2024-04-2508:39:27

CWE-200

Patchstack

www.cve.org

cve-2024-25917

exposure of sensitive information

unauthorized actor

coderevolution

full database download

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

Percentile

9.0%

JSON

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodeRevolution WP Setup Wizard.This issue affects WP Setup Wizard: from n/a through 1.0.8.1.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "WP Setup Wizard",
    "vendor": "CodeRevolution",
    "versions": [
      {
        "changes": [
          {
            "at": "1.0.8.2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.0.8.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wp-setup-wizard/wordpress-wp-setup-wizard-plugin-1-0-8-1-subscriber-full-database-download-vulnerability?_s_id=cve

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-25917