CVE-2024-3658

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-51478. Reason: This candidate is a reservation duplicate of CVE-2023-51478. Notes: All CVE users should reference CVE-2023-51478 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

28 May 2024, 15:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : unknown
References	~~{'url': 'https://plugins.trac.wordpress.org/browser/build-app-online/tags/1.0.21/public/class-build-app-online-public.php#L814', 'source': 'security@wordfence.com'}~~ ~~{'url': 'https://www.wordfence.com/threat-intel/vulnerabilities/id/65d423ad-da51-4616-860d-2b9354d44147?source=cve', 'source': 'security@wordfence.com'}~~
Summary	(en) The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.21. This is due to missing authentication checking in the 'set_user_cart' function with the 'user_id' header value. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.	(en) Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-51478. Reason: This candidate is a reservation duplicate of CVE-2023-51478. Notes: All CVE users should reference CVE-2023-51478 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

18 May 2024, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-18 10:15

Updated : 2024-05-28 15:15

NVD link : CVE-2024-3658

Mitre link : CVE-2024-3658

CVE.ORG link : CVE-2024-3658

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2024-3658

Attach tags to `CVE-2024-3658`