CVE-2024-0366

The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences and potentially other user settings.
Configurations

Configuration 1 (hide)

cpe:2.3:a:squirrly:starbox:*:*:*:*:*:wordpress:*:*

History

13 Feb 2024, 17:05

Type Values Removed Values Added
First Time Squirrly
Squirrly starbox
CPE cpe:2.3:a:squirrly:starbox:*:*:*:*:*:wordpress:*:*
CWE CWE-639
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.3
References () https://plugins.trac.wordpress.org/changeset/3028775/starbox/trunk?contextall=1&old=3000701&old_path=%2Fstarbox%2Ftrunk - () https://plugins.trac.wordpress.org/changeset/3028775/starbox/trunk?contextall=1&old=3000701&old_path=%2Fstarbox%2Ftrunk - Issue Tracking
References () https://plugins.trac.wordpress.org/browser/starbox/trunk/core/UserSettings.php - () https://plugins.trac.wordpress.org/browser/starbox/trunk/core/UserSettings.php - Issue Tracking
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/c47601b4-bf16-4f59-b5f3-584a8eac7c67?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/c47601b4-bf16-4f59-b5f3-584a8eac7c67?source=cve - Third Party Advisory

05 Feb 2024, 22:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-05 22:16

Updated : 2024-02-28 20:54


NVD link : CVE-2024-0366

Mitre link : CVE-2024-0366

CVE.ORG link : CVE-2024-0366


JSON object : View

Products Affected

squirrly

  • starbox
CWE
CWE-639

Authorization Bypass Through User-Controlled Key