CVE-2024-6120

{"id": "CVE-2024-6120", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-06-22T00:15:09.690", "references": [{"url": "https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L446", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L469", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L497", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L519", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L541", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L570", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L595", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/sparkle-demo-importer/tags/1.4.7/sparkle-demo-importer.php#L627", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f411d17-5b0d-4a4a-afa8-7efebf6965f2?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and including 1.4.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all posts, pages, and uploaded files, as well as download and install a limited set of demo plugins."}, {"lang": "es", "value": "El complemento Sparkle Demo Importer para WordPress es vulnerable al restablecimiento no autorizado de la base de datos y a la importaci\u00f3n de datos de demostraci\u00f3n debido a una falta de verificaci\u00f3n de capacidad en las m\u00faltiples funciones en todas las versiones hasta la 1.4.7 incluida. Esto hace posible que los atacantes autenticados, con acceso de nivel de suscriptor y superior, eliminen todas las publicaciones, p\u00e1ginas y archivos cargados, as\u00ed como tambi\u00e9n descarguen e instalen un conjunto limitado de complementos de demostraci\u00f3n."}], "lastModified": "2024-06-24T20:03:04.363", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wpneuron:sparkle_demo_importer:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "564B65B3-F58C-4F74-B7FF-5BC0FDFE5EAF", "versionEndExcluding": "1.4.8"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}