CVE-2024-0756

{"id": "CVE-2024-0756", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2024-06-04T15:15:44.893", "references": [{"url": "https://wpscan.com/vulnerability/9130a42d-fca3-4f9c-ab97-d5e0a7a5cef2/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page."}, {"lang": "es", "value": "El complemento Insert or Embed Articulate Content into de WordPress hasta 4.3000000023 carece de validaci\u00f3n de URL al agregar iframes, lo que permite a los atacantes inyectar un iFrame en la p\u00e1gina y, por lo tanto, cargar contenido arbitrario desde cualquier p\u00e1gina."}], "lastModified": "2024-06-05T19:49:50.213", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elearningfreak:insert_or_embed_articulate_content:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "B5AF0BB4-2BC4-474A-82C8-86DDEE537C7D", "versionEndIncluding": "4.3000000023"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}