CVE-2024-5570

{"id": "CVE-2024-5570", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-06-28T06:15:06.593", "references": [{"url": "https://wpscan.com/vulnerability/49b3a8cb-f606-4cf7-80ec-bfdafd74e848/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/49b3a8cb-f606-4cf7-80ec-bfdafd74e848/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them"}, {"lang": "es", "value": "El complemento Simple Photoswipe de WordPress hasta la versi\u00f3n 0.1 no tiene verificaci\u00f3n de autorizaci\u00f3n al actualizar su configuraci\u00f3n, lo que podr\u00eda permitir que cualquier usuario autenticado, como un suscriptor, los actualice."}], "lastModified": "2025-05-19T20:46:21.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zitscher:simple_photoswipe:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "9C569404-6853-486A-9DB8-0CE0D85E3571", "versionEndIncluding": "0.1"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}