CVE-2024-0447

Sažetak

The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibot_update function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to update plugin settings.

Reference

https://plugins.trac.wordpress.org/browser/artibot/trunk/artibot.php#L60
https://www.wordfence.com/threat-intel/vulnerabilities/id/848f36de-c62a-45ee-b259-46dab73e4439?source=cve
https://plugins.trac.wordpress.org/browser/artibot/trunk/artibot.php#L60
https://www.wordfence.com/threat-intel/vulnerabilities/id/848f36de-c62a-45ee-b259-46dab73e4439?source=cve

CVSS

Base:	5.0
Impact:	1.4
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Zadnje važnije ažuriranje

11-03-2025 - 16:38

Objavljeno

13-03-2024 - 16:15