CVE-2024-38787

{"id": "CVE-2024-38787", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-08-13T11:15:17.080", "references": [{"url": "https://patchstack.com/database/vulnerability/import-users-from-csv-with-meta/wordpress-import-and-export-users-and-customers-plugin-1-26-8-sensitive-information-via-imported-file-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Codection Import and export users and customers allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Import and export users and customers: from n/a through 1.26.8."}, {"lang": "es", "value": "La exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en los usuarios y clientes de importaci\u00f3n y exportaci\u00f3n de Codection permite el acceso a la funcionalidad no restringida adecuadamente por las ACL. Este problema afecta a los usuarios y clientes de importaci\u00f3n y exportaci\u00f3n: desde n/a hasta 1.26.8."}], "lastModified": "2024-08-13T12:58:25.437", "sourceIdentifier": "audit@patchstack.com"}