{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38792", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-06-19T15:08:12.137Z", "datePublished": "2024-11-01T14:17:56.151Z", "dateUpdated": "2024-11-01T18:40:01.060Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-11-01T14:17:56.151Z"}, "title": "WordPress ConveyThis Translate plugin <= 234 - Non-arbitrary Options Update vulnerability", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-1", "descriptions": [{"lang": "en", "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"}]}], "affected": [{"vendor": "ConveyThis Translate Team", "product": "Language Translate Widget for WordPress \u2013 ConveyThis", "collectionURL": "https://wordpress.org/plugins", "packageName": "conveythis-translate", "versions": [{"status": "affected", "version": "n/a", "lessThanOrEqual": "234", "changes": [{"at": "235", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in ConveyThis Translate Team Language Translate Widget for WordPress \u2013 ConveyThis allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Language Translate Widget for WordPress \u2013 ConveyThis: from n/a through 234.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Missing Authorization vulnerability in ConveyThis Translate Team Language Translate Widget for WordPress \u2013 ConveyThis allows Accessing Functionality Not Properly Constrained by ACLs.<p>This issue affects Language Translate Widget for WordPress \u2013 ConveyThis: from n/a through 234.</p>"}]}], "references": [{"url": "https://patchstack.com/database/vulnerability/conveythis-translate/wordpress-conveythis-translate-plugin-234-non-arbitrary-options-update-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "solutions": [{"lang": "en", "value": "Update to 235 or a higher version.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Update to 235 or a higher version."}]}], "credits": [{"lang": "en", "value": "Humberto Castelo Branco (Patchstack Alliance)", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "conveythis", "product": "language_translate_widget_for_wordpress_conveythis", "cpes": ["cpe:2.3:a:conveythis:language_translate_widget_for_wordpress_conveythis:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "234", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-01T18:35:07.677749Z", "id": "CVE-2024-38792", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-01T18:40:01.060Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38792", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-01T18:35:07.677749Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:conveythis:language_translate_widget_for_wordpress_conveythis:*:*:*:*:*:*:*:*"], "vendor": "conveythis", "product": "language_translate_widget_for_wordpress_conveythis", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "234"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-01T18:39:50.013Z"}}], "cna": {"title": "WordPress ConveyThis Translate plugin <= 234 - Non-arbitrary Options Update vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Humberto Castelo Branco (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-1", "descriptions": [{"lang": "en", "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ConveyThis Translate Team", "product": "Language Translate Widget for WordPress \u2013 ConveyThis", "versions": [{"status": "affected", "changes": [{"at": "235", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "234"}], "packageName": "conveythis-translate", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to 235 or a higher version.", "supportingMedia": [{"type": "text/html", "value": "Update to 235 or a higher version.", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/vulnerability/conveythis-translate/wordpress-conveythis-translate-plugin-234-non-arbitrary-options-update-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in ConveyThis Translate Team Language Translate Widget for WordPress \u2013 ConveyThis allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Language Translate Widget for WordPress \u2013 ConveyThis: from n/a through 234.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in ConveyThis Translate Team Language Translate Widget for WordPress \u2013 ConveyThis allows Accessing Functionality Not Properly Constrained by ACLs.<p>This issue affects Language Translate Widget for WordPress \u2013 ConveyThis: from n/a through 234.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-11-01T14:17:56.151Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38792", "state": "PUBLISHED", "dateUpdated": "2024-11-01T18:40:01.060Z", "dateReserved": "2024-06-19T15:08:12.137Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-11-01T14:17:56.151Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in ConveyThis Translate Team Language Translate Widget for WordPress \u2013 ConveyThis allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Language Translate Widget for WordPress \u2013 ConveyThis: from n/a through 234."}], "id": "CVE-2024-38792", "lastModified": "2024-11-01T20:24:53.730", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2024-11-01T15:15:35.787", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/vulnerability/conveythis-translate/wordpress-conveythis-translate-plugin-234-non-arbitrary-options-update-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}