CVE-2024-6750

{"id": "CVE-2024-6750", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}]}, "published": "2024-07-24T03:15:03.477", "references": [{"url": "https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36b58a4f-0761-4775-9010-9c77d4019c44?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}, {"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options."}, {"lang": "es", "value": "El complemento Social Auto Poster para WordPress es vulnerable al acceso no autorizado, modificaci\u00f3n y p\u00e9rdida de datos debido a una falta de verificaci\u00f3n de capacidad en m\u00faltiples funciones en todas las versiones hasta la 5.3.14 incluida. Esto hace posible que atacantes no autenticados agreguen, modifiquen o eliminen opciones de complementos y metadatos de publicaciones."}], "lastModified": "2024-09-03T21:40:22.460", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wpwebinfotech:social_auto_poster:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "52D98036-BC8E-43E0-A6E3-5546B9891892", "versionEndExcluding": "5.3.15"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}