CVE-2024-1330

The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the database.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://wpscan.com/vulnerability/1988815b-7a53-4657-9b1c-1f83c9f9ccfd/	Exploit Third Party Advisory
https://wpscan.com/vulnerability/1988815b-7a53-4657-9b1c-1f83c9f9ccfd/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:kadencewp:kadence_blocks_pro:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2024-06-27 06:15

Updated : 2025-03-13 19:15

NVD link : CVE-2024-1330

Mitre link : CVE-2024-1330

CVE.ORG link : CVE-2024-1330

JSON object : View

Products Affected

kadencewp

kadence_blocks_pro

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-1330", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-06-27T06:15:09.800", "references": [{"url": "https://wpscan.com/vulnerability/1988815b-7a53-4657-9b1c-1f83c9f9ccfd/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/1988815b-7a53-4657-9b1c-1f83c9f9ccfd/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the database."}, {"lang": "es", "value": " El complemento de WordPress kadence-blocks-pro anterior a 2.3.8 no impide que los usuarios con al menos el rol de colaborador utilicen algunas de las funcionalidades de su c\u00f3digo corto para filtrar opciones arbitrarias de la base de datos."}], "lastModified": "2025-03-13T19:15:41.357", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kadencewp:kadence_blocks_pro:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "9CF6F0F6-C4AB-4732-AB5F-F5DBCFDC4202", "versionEndExcluding": "2.3.8"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}