CVE-2024-6750 - Vulnerability Details - OpenCVE

The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00347.

Key SSVC decision points have not yet been added.

Vendors	Products
Wpwebinfotech	Social Auto Poster

Configuration 1 [-]

cpe:2.3:a:wpwebinfotech:social_auto_poster:*:*:*:*:*:wordpress:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169
https://www.wordfence.com/threat-intel/vulnerabilities/id/36b58a4f-0761-4775-9010-9c77d4019c44?source=cve

History

Tue, 03 Sep 2024 22:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wpwebinfotech Wpwebinfotech social Auto Poster
CPEs		cpe:2.3:a:wpwebinfotech:social_auto_poster::::::wordpress::*
Vendors & Products		Wpwebinfotech Wpwebinfotech social Auto Poster

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-07-24T02:33:55.116Z

Updated: 2024-08-01T21:41:04.583Z

Reserved: 2024-07-15T13:00:22.715Z

Link: CVE-2024-6750

Vulnrichment

Updated: 2024-08-01T21:41:04.583Z

NVD

Status : Modified

Published: 2024-07-24T03:15:03.477

Modified: 2024-11-21T09:50:14.623

Link: CVE-2024-6750

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6750", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-07-15T13:00:22.715Z", "datePublished": "2024-07-24T02:33:55.116Z", "dateUpdated": "2024-08-01T21:41:04.583Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-07-24T02:33:55.116Z"}, "affected": [{"vendor": "WPWeb", "product": "Social Auto Poster", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "5.3.14", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options."}], "title": "Social Auto Poster <= 5.3.14 - Missing Authorization via Multiple Functions", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36b58a4f-0761-4775-9010-9c77d4019c44?source=cve"}, {"url": "https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "timeline": [{"time": "2024-07-15T00:00:00.000+00:00", "lang": "en", "value": "Discovered"}, {"time": "2024-07-15T00:00:00.000+00:00", "lang": "en", "value": "Vendor Notified"}, {"time": "2024-07-23T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-26T20:39:54.922397Z", "id": "CVE-2024-6750", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-26T20:40:10.245Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:41:04.583Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36b58a4f-0761-4775-9010-9c77d4019c44?source=cve", "tags": ["x_transferred"]}, {"url": "https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36b58a4f-0761-4775-9010-9c77d4019c44?source=cve", "tags": ["x_transferred"]}, {"url": "https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:41:04.583Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6750", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-26T20:39:54.922397Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-26T20:40:03.819Z"}}], "cna": {"title": "Social Auto Poster <= 5.3.14 - Missing Authorization via Multiple Functions", "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}}], "affected": [{"vendor": "WPWeb", "product": "Social Auto Poster", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "5.3.14"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-07-15T00:00:00.000+00:00", "value": "Discovered"}, {"lang": "en", "time": "2024-07-15T00:00:00.000+00:00", "value": "Vendor Notified"}, {"lang": "en", "time": "2024-07-23T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36b58a4f-0761-4775-9010-9c77d4019c44?source=cve"}, {"url": "https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169"}], "descriptions": [{"lang": "en", "value": "The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-07-24T02:33:55.116Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6750", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:41:04.583Z", "dateReserved": "2024-07-15T13:00:22.715Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-07-24T02:33:55.116Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wpwebinfotech:social_auto_poster:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "52D98036-BC8E-43E0-A6E3-5546B9891892", "versionEndExcluding": "5.3.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options."}, {"lang": "es", "value": "El complemento Social Auto Poster para WordPress es vulnerable al acceso no autorizado, modificaci\u00f3n y p\u00e9rdida de datos debido a una falta de verificaci\u00f3n de capacidad en m\u00faltiples funciones en todas las versiones hasta la 5.3.14 incluida. Esto hace posible que atacantes no autenticados agreguen, modifiquen o eliminen opciones de complementos y metadatos de publicaciones."}], "id": "CVE-2024-6750", "lastModified": "2024-11-21T09:50:14.623", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-24T03:15:03.477", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36b58a4f-0761-4775-9010-9c77d4019c44?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36b58a4f-0761-4775-9010-9c77d4019c44?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}