CVE-2024-5807

{"id": "CVE-2024-5807", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-07-30T06:15:02.917", "references": [{"url": "https://wpscan.com/vulnerability/badb16b5-8c06-4170-b605-ea7af8982c1f/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/badb16b5-8c06-4170-b605-ea7af8982c1f/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations."}, {"lang": "es", "value": " El complemento Business Card WordPress hasta la versi\u00f3n 1.0.0 no impide que los usuarios con privilegios elevados, como los administradores, carguen archivos PHP maliciosos, lo que podr\u00eda permitirles ejecutar c\u00f3digo arbitrario en los servidores que alojan su sitio, incluso en configuraciones Multisitio."}], "lastModified": "2025-05-28T00:50:36.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:esterox:business_card:1.0.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "FB387573-2EBF-44FB-8B7F-F9D721E6CFC4"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}