CVE-2024-3237
State: PUBLISHED · CVE record format (dataVersion) 5.0 (this is the record schema version, not the CVSS score)
Wordfence
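The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to true. The record scores this at CVSS 3.1 base 5.4 (Medium), vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L, and its affected-version data marks versions above 3.5.25 as unaffected by default.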
Problem type
- CWE-862 Missing Authorization
Affected products
Brainstorm Force
ConvertPlug
<= 3.5.25 - AFFECTED
References
wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/0cd72420-dca1-455d-92a6-a178b4b26eab?source=cve
convertplug.com
https://www.convertplug.com/plus/product/convertplug/
JSON source
{ "dataType": "CVE_RECORD", "containers": { "cna": { "credits": [ { "lang": "en", "type": "finder", "value": "Mohamed Awad" } ], "metrics": [ { "cvssV3_1": { "version": "3.1", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" } } ], "affected": [ { "vendor": "Brainstorm Force", "product": "ConvertPlug", "versions": [ { "status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "3.5.25" } ], "defaultStatus": "unaffected" } ], "timeline": [ { "lang": "en", "time": "2024-05-03T00:00:00.000+00:00", "value": "Disclosed" } ], "references": [ { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0cd72420-dca1-455d-92a6-a178b4b26eab?source=cve" }, { "url": "https://www.convertplug.com/plus/product/convertplug/" } ], "descriptions": [ { "lang": "en", "value": "The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to true." } ], "problemTypes": [ { "descriptions": [ { "lang": "en", "description": "CWE-862 Missing Authorization" } ] } ], "providerMetadata": { "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-05-04T03:31:03.130Z" } } }, "cveMetadata": { "cveId": "CVE-2024-3237", "state": "PUBLISHED", "dateUpdated": "2024-05-04T03:31:03.130Z", "dateReserved": "2024-04-02T19:36:08.834Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-05-04T03:31:03.130Z", "assignerShortName": "Wordfence" }, "dataVersion": "5.0" }