CVE-2024-5654
CF7 Google Sheets Connector <= 5.0.9 - Missing Authorization to Limited Site Configuration Update
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site configuration settings, including WP_DEBUG, WP_DEBUG_LOG, SCRIPT_DEBUG, and SAVEQUERIES.
El complemento CF7 Google Sheets Connector para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la función 'execute_post_data_cg7_free' en todas las versiones hasta la 5.0.9 incluida. Esto hace posible que atacantes no autenticados alterne las configuraciones de configuración del sitio, incluidos WP_DEBUG, WP_DEBUG_LOG, SCRIPT_DEBUG y SAVEQUERIES.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-06-05 CVE Reserved
- 2024-06-07 CVE Published
- 2024-08-01 CVE Updated
- 2024-11-02 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (3)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Westerndeal Search vendor "Westerndeal" | CF7 Google Sheets Connector Search vendor "Westerndeal" for product "CF7 Google Sheets Connector" | <= 5.0.9 Search vendor "Westerndeal" for product "CF7 Google Sheets Connector" and version " <= 5.0.9" | en |
Affected
| ||||||