CVE-2024-30500 - OpenCVE

Unrestricted Upload of File with Dangerous Type vulnerability in CubeWP CubeWP – All-in-One Dynamic Content Framework.This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.12.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/cubewp-framework/wordpress-cubewp-plugin-1-1-12-arbitrary-file-upload-vulnerability?_s_id=cve

History

No history.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-03-29T13:35:06.065Z

Updated: 2024-08-02T01:38:59.767Z

Reserved: 2024-03-27T11:51:43.426Z

Link: CVE-2024-30500

Vulnrichment

Updated: 2024-05-23T19:01:20.887Z

NVD

Status : Awaiting Analysis

Published: 2024-03-29T14:15:13.760

Modified: 2024-04-01T01:12:59.077

Link: CVE-2024-30500

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-30500", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-03-27T11:51:43.426Z", "datePublished": "2024-03-29T13:35:06.065Z", "dateUpdated": "2024-08-02T01:38:59.767Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "cubewp-framework", "product": "CubeWP \u2013 All-in-One Dynamic Content Framework", "vendor": "CubeWP", "versions": [{"changes": [{"at": "1.1.13", "status": "unaffected"}], "lessThanOrEqual": "1.1.12", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Peng Zhou (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in CubeWP CubeWP \u2013 All-in-One Dynamic Content Framework.<p>This issue affects CubeWP \u2013 All-in-One Dynamic Content Framework: from n/a through 1.1.12.</p>"}], "value": "Unrestricted Upload of File with Dangerous Type vulnerability in CubeWP CubeWP \u2013 All-in-One Dynamic Content Framework.This issue affects CubeWP \u2013 All-in-One Dynamic Content Framework: from n/a through 1.1.12.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-03-29T13:35:06.065Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/cubewp-framework/wordpress-cubewp-plugin-1-1-12-arbitrary-file-upload-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 1.1.13 or a higher version."}], "value": "Update to 1.1.13 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress CubeWP plugin <= 1.1.12 - Arbitrary File Upload vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-30500", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-01T19:57:41.648248Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:39:24.578Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:38:59.767Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/cubewp-framework/wordpress-cubewp-plugin-1-1-12-arbitrary-file-upload-vulnerability?_s_id=cve"}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-30500", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-03-27T11:51:43.426Z", "datePublished": "2024-03-29T13:35:06.065Z", "dateUpdated": "2024-06-04T17:39:24.578Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "cubewp-framework", "product": "CubeWP \u2013 All-in-One Dynamic Content Framework", "vendor": "CubeWP", "versions": [{"changes": [{"at": "1.1.13", "status": "unaffected"}], "lessThanOrEqual": "1.1.12", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Peng Zhou (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in CubeWP CubeWP \u2013 All-in-One Dynamic Content Framework.<p>This issue affects CubeWP \u2013 All-in-One Dynamic Content Framework: from n/a through 1.1.12.</p>"}], "value": "Unrestricted Upload of File with Dangerous Type vulnerability in CubeWP CubeWP \u2013 All-in-One Dynamic Content Framework.This issue affects CubeWP \u2013 All-in-One Dynamic Content Framework: from n/a through 1.1.12.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-03-29T13:35:06.065Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/cubewp-framework/wordpress-cubewp-plugin-1-1-12-arbitrary-file-upload-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 1.1.13 or a higher version."}], "value": "Update to 1.1.13 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress CubeWP plugin <= 1.1.12 - Arbitrary File Upload vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-30500", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-01T19:57:41.648248Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:20.887Z"}, "title": "CISA ADP Vulnrichment"}]}}