CVE-2024-44020

Missing Authorization vulnerability in Prasad Kirpekar WP Free SSL – Free SSL Certificate for WordPress and force HTTPS allows . This issue affects WP Free SSL – Free SSL Certificate for WordPress and force HTTPS: from n/a through 1.2.6.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://patchstack.com/database/vulnerability/wp-free-ssl/wordpress-wp-free-ssl-plugin-1-2-6-broken-access-control-vulnerability?_s_id=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:prasadkirpekar:wp_free_ssl:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2024-11-01 15:15

Updated : 2024-11-08 21:02

NVD link : CVE-2024-44020

Mitre link : CVE-2024-44020

CVE.ORG link : CVE-2024-44020

JSON object : View

Products Affected

prasadkirpekar

wp_free_ssl

CWE

CWE-862

Missing Authorization

{"id": "CVE-2024-44020", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-11-01T15:15:52.483", "references": [{"url": "https://patchstack.com/database/vulnerability/wp-free-ssl/wordpress-wp-free-ssl-plugin-1-2-6-broken-access-control-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Prasad Kirpekar WP Free SSL \u2013 Free SSL Certificate for WordPress and force HTTPS allows .\n\nThis issue affects WP Free SSL \u2013 Free SSL Certificate for WordPress and force HTTPS: from n/a through 1.2.6."}, {"lang": "es", "value": "Vulnerabilidad de falta de autorizaci\u00f3n en Prasad Kirpekar WP Free SSL \u2013 Free SSL Certificate for WordPress and force HTTPS permite . Este problema afecta a WP Free SSL \u2013 Free SSL Certificate for WordPress and force HTTPS: desde n/a hasta 1.2.6."}], "lastModified": "2024-11-08T21:02:41.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:prasadkirpekar:wp_free_ssl:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "153C0023-3D74-41A5-B602-5F10C0D497CB", "versionEndIncluding": "1.2.6"}], "operator": "OR"}]}], "sourceIdentifier": "audit@patchstack.com"}