CVE-2024-34761

{"id": "CVE-2024-34761", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.8}]}, "published": "2024-06-10T16:15:13.630", "references": [{"url": "https://patchstack.com/database/vulnerability/advanced-custom-fields-pro/wordpress-advanced-custom-fields-pro-plugin-6-2-10-contributor-arbitrary-function-execution-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/advanced-custom-fields-pro/wordpress-advanced-custom-fields-pro-plugin-6-2-10-contributor-arbitrary-function-execution-vulnerability?_s_id=cve", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability discovered by executing a planned security audit.\n\nImproper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before 6.2.10."}, {"lang": "es", "value": "Vulnerabilidad descubierta al ejecutar una auditor\u00eda de seguridad planificada. Vulnerabilidad de control inadecuado de generaci\u00f3n de c\u00f3digo (\"inyecci\u00f3n de c\u00f3digo\") en WPENGINE INC Advanced Custom Fields PRO permite la inyecci\u00f3n de c\u00f3digo. Este problema afecta a Advanced Custom Fields PRO: desde n/a antes de 6.2.10."}], "lastModified": "2024-11-21T09:19:20.860", "sourceIdentifier": "audit@patchstack.com"}