CVE-2024-1044

Published Feb 29, 2024

Last updated 18 days ago

CVSS medium 5.3

Overview

Description: The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_review' function in all versions up to, and including, 5.38.12. This makes it possible for unauthenticated attackers to submit reviews with arbitrary email addresses regardless of whether reviews are globally enabled.
Source: security@wordfence.com
NVD status: Undergoing Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-862

Hype score: Not currently trending

Threat Alert: Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-1044 CVE-2024-10443 Severity: ⚠️ Critical Maturity: 🧨 Trending Learn more: https://t.co/IzjNl6VD59 #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
5 Nov 2024
49 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cusrev:customer_reviews_for_woocommerce:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09561A16-4852-417C-BA5B-53D2DF8FB48B",
            "versionEndExcluding": "5.39.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References