CVE-2024-0829

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Mar 13, 2024

Summary

CVE-2024-0829 is a vulnerability found in the Comments Extra Fields For Post, Pages, and CPT plugin for WordPress. This vulnerability affects all versions up to and including 5.0. The issue arises from missing or incorrect capability checks on several ajax actions, which allows authenticated attackers with subscriber access or higher privileges to exploit these actions. As a result, attackers can modify comment form fields and update plugin settings. The risk score for this vulnerability is 5, indicating a medium severity level. No changes have been made to the rating provided by security@wordfence.com, which states that the exploitability score is 2.8 out of 10. The base severity score is categorized as medium at 4.3 out of 10. The privileges required for exploitation are low, with no user interaction required, and the attack vector is through the network. The impact on integrity is low, and there is no impact on confidentiality. The attack complexity is low, and there is no availability impact identified. Remediation steps or further analysis are not provided in the information available.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-0829 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options