CVE-2024-37430
WordPress Patreon WordPress plugin <= 1.9.0 - Image Protection Bypass vulnerability
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
Authentication Bypass by Spoofing vulnerability in Patreon Patreon WordPress allows Functionality Misuse.This issue affects Patreon WordPress: from n/a through 1.9.0.
Vulnerabilidad de omisión de autenticación mediante suplantación de identidad en Patreon Patreon WordPress permite el uso indebido de la funcionalidad. Este problema afecta a Patreon WordPress: desde n/a hasta 1.9.0.
The Patreon WordPress plugin for WordPress is vulnerable to protection mechanism bypass in all versions up to, and including, 1.9.0. This is due to plugin allowing a bypass when a specific header was supplied. This makes it possible for unauthenticated attackers to bypass image locking protections.
*Credits:
MCboyIR (Patchstack Alliance)
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-06-09 CVE Reserved
- 2024-06-28 CVE Published
- 2024-07-10 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-290: Authentication Bypass by Spoofing
- CWE-693: Protection Mechanism Failure
CAPEC
- CAPEC-212: Functionality Misuse
References (1)
| URL | Tag | Source |
|---|---|---|
| https://patchstack.com/database/vulnerability/patreon-connect/wordpress-patreon-wordpress-plugin-1-9-0-image-protection-bypass-vulnerability?_s_id=cve | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Patreon Connect Search vendor "Patreon Connect" | Patreon Connect Search vendor "Patreon Connect" for product "Patreon Connect" | >= 0.0.0 <= 1.9.0 Search vendor "Patreon Connect" for product "Patreon Connect" and version " >= 0.0.0 <= 1.9.0" | en |
Affected
| ||||||