CVE-2024-34821

{"id": "CVE-2024-34821", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-06-11T16:15:28.280", "references": [{"url": "https://patchstack.com/database/vulnerability/contact-list/wordpress-contact-list-plugin-2-9-87-broken-access-control-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Contact List PRO Contact List \u2013 Easy Business Directory, Staff Directory and Address Book Plugin.This issue affects Contact List \u2013 Easy Business Directory, Staff Directory and Address Book Plugin: from n/a through 2.9.87."}, {"lang": "es", "value": "Vulnerabilidad de falta de autorizaci\u00f3n en Contact List PRO Contact List \u2013 Easy Business Directory, Staff Directory and Address Book Plugin. Este problema afecta a Contact List \u2013 Easy Business Directory, Staff Directory and Address Book Plugin: desde n/a hasta 2.9.87."}], "lastModified": "2024-08-07T14:30:54.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:contactlistpro:contact_list:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "4D3D2BBA-2DE2-4871-A587-5D18489A6DE1", "versionEndExcluding": "2.9.88"}], "operator": "OR"}]}], "sourceIdentifier": "audit@patchstack.com"}