CVE-2024-33569 - Vulnerability Details - OpenCVE

Description

Improper Privilege Management vulnerability in Darren Cooney Instant Images allows Privilege Escalation.This issue affects Instant Images: from n/a through 6.1.0.

Published: 2024-05-17

Score: 7.2 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Darren Cooney

Instant Images

unaffected

Version	Status	Constraints
`n/a`	affected	≤ 6.1.0

No data.

No data.

No data available yet.

Remediation

Vendor Solution

Update to 6.1.1 or a higher version.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-31306	Improper Privilege Management vulnerability in Darren Cooney Instant Images allows Privilege Escalation.This issue affects Instant Images: from n/a through 6.1.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00196.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://patchstack.com/database/vulnerability/instant-images/wordpress-instant-images-plugin-6-1-0-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve

History

No history.

Subscriptions

Connekthq Instant Images

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-05-17T08:14:36.732Z

Updated: 2024-08-02T02:36:04.120Z

Reserved: 2024-04-24T10:35:13.100Z

Link: CVE-2024-33569

Vulnrichment

Updated: 2024-05-22T17:32:06.680Z

NVD

Status : Awaiting Analysis

Published: 2024-05-17T09:15:42.353

Modified: 2024-11-21T09:17:10.307

Link: CVE-2024-33569

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-269

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-33569", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-04-24T10:35:13.100Z", "datePublished": "2024-05-17T08:14:36.732Z", "dateUpdated": "2024-08-02T02:36:04.120Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "instant-images", "product": "Instant Images", "vendor": "Darren Cooney", "versions": [{"changes": [{"at": "6.1.1", "status": "unaffected"}], "lessThanOrEqual": "6.1.0", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Rafie Muhammad (Patchstack)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Privilege Management vulnerability in Darren Cooney Instant Images allows Privilege Escalation.<p>This issue affects Instant Images: from n/a through 6.1.0.</p>"}], "value": "Improper Privilege Management vulnerability in Darren Cooney Instant Images allows Privilege Escalation.This issue affects Instant Images: from n/a through 6.1.0."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-05-17T08:14:36.732Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/instant-images/wordpress-instant-images-plugin-6-1-0-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 6.1.1 or a higher version."}], "value": "Update to 6.1.1 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Instant Images plugin <= 6.1.0 - Arbitrary Option Update to Privilege Escalation vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "connekthq", "product": "instant_images", "cpes": ["cpe:2.3:a:connekthq:instant_images:*:*:*:*:*:wordpress:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "6.1.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-22T17:35:07.793551Z", "id": "CVE-2024-33569", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-25T13:41:16.604Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:36:04.120Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/instant-images/wordpress-instant-images-plugin-6-1-0-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-33569", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-22T17:35:07.793551Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:connekthq:instant_images:*:*:*:*:*:wordpress:*:*"], "vendor": "connekthq", "product": "instant_images", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "6.1.0"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-22T17:32:06.680Z"}}], "cna": {"title": "WordPress Instant Images plugin <= 6.1.0 - Arbitrary Option Update to Privilege Escalation vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Rafie Muhammad (Patchstack)"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Darren Cooney", "product": "Instant Images", "versions": [{"status": "affected", "changes": [{"at": "6.1.1", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "6.1.0"}], "packageName": "instant-images", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to 6.1.1 or a higher version.", "supportingMedia": [{"type": "text/html", "value": "Update to 6.1.1 or a higher version.", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/vulnerability/instant-images/wordpress-instant-images-plugin-6-1-0-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Privilege Management vulnerability in Darren Cooney Instant Images allows Privilege Escalation.This issue affects Instant Images: from n/a through 6.1.0.", "supportingMedia": [{"type": "text/html", "value": "Improper Privilege Management vulnerability in Darren Cooney Instant Images allows Privilege Escalation.<p>This issue affects Instant Images: from n/a through 6.1.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-05-17T08:14:36.732Z"}}}, "cveMetadata": {"cveId": "CVE-2024-33569", "state": "PUBLISHED", "dateUpdated": "2024-07-25T13:41:16.604Z", "dateReserved": "2024-04-24T10:35:13.100Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-05-17T08:14:36.732Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}