CVE-2024-8478

{"id": "CVE-2024-8478", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}]}, "published": "2024-09-10T03:15:03.903", "references": [{"url": "https://plugins.trac.wordpress.org/browser/amazonsimpleadmin/trunk/AsaCore.php#L285", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3147740%40amazonsimpleadmin&new=3147740%40amazonsimpleadmin&sfp_email=&sfph_mail=", "tags": ["Patch"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7f50769c-77b8-42ff-b67d-b9b289fc51da?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "The The Affiliate Super Assistent plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.5.3. This is due to the software allowing users to supply arbitrary shortcodes in comments when the 'Parse comments' option is enabled. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."}, {"lang": "es", "value": "El complemento The Affiliate Super Assistent para WordPress es vulnerable a la ejecuci\u00f3n de c\u00f3digos cortos arbitrarios en todas las versiones hasta la 1.5.3 incluida. Esto se debe a que el software permite a los usuarios proporcionar c\u00f3digos cortos arbitrarios en los comentarios cuando la opci\u00f3n \"Analizar comentarios\" est\u00e1 habilitada. Esto hace posible que atacantes no autenticados ejecuten c\u00f3digos cortos arbitrarios."}], "lastModified": "2024-09-26T15:53:44.297", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ifeelweb:affiliate_super_assistent:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "C99920B6-D034-4CE5-9735-93C1A590AD2F", "versionEndExcluding": "1.5.4"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}