CVE-2024-1229 - Vulnerability Details - OpenCVE

The SimpleShop plugin for WordPress is vulnerable to unauthorized disconnection from SimpleShop due to a missing capability check on the maybe_disconnect_simpleshop function in all versions up to, and including, 2.10.2. This makes it possible for unauthenticated attackers to disconnect the SimpleShop.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wordpress	Wordpress

No data.

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/simpleshop-cz/trunk/src/Settings.php?rev=3019145#L341
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3080151%40simpleshop-cz&new=3080151%40simpleshop-cz&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/4dc39c47-3b99-4e43-b25d-a025f3d228b5?source=cve

History

No history.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-05-09T20:03:25.268Z

Updated: 2024-08-01T18:33:25.170Z

Reserved: 2024-02-05T15:42:50.346Z

Link: CVE-2024-1229

Vulnrichment

Updated: 2024-08-01T18:33:25.170Z

NVD

Status : Awaiting Analysis

Published: 2024-05-14T14:45:42.160

Modified: 2024-11-21T08:50:06.520

Link: CVE-2024-1229

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1229", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-02-05T15:42:50.346Z", "datePublished": "2024-05-09T20:03:25.268Z", "dateUpdated": "2024-08-01T18:33:25.170Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-05-09T20:03:25.268Z"}, "affected": [{"vendor": "redbitcz", "product": "SimpleShop", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "2.10.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The SimpleShop plugin for WordPress is vulnerable to unauthorized disconnection from SimpleShop due to a missing capability check on the maybe_disconnect_simpleshop function in all versions up to, and including, 2.10.2. This makes it possible for unauthenticated attackers to disconnect the SimpleShop."}], "title": "SimpleShop <= 2.10.2 - Missing Authorization", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4dc39c47-3b99-4e43-b25d-a025f3d228b5?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/simpleshop-cz/trunk/src/Settings.php?rev=3019145#L341"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3080151%40simpleshop-cz&new=3080151%40simpleshop-cz&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Francesco Carlucci"}], "timeline": [{"time": "2024-05-03T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"affected": [{"vendor": "redbit_sro", "product": "simple_shop", "cpes": ["cpe:2.3:a:redbit_sro:simple_shop:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.10.2", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-16T19:13:11.812500Z", "id": "CVE-2024-1229", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T13:10:01.070Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.170Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4dc39c47-3b99-4e43-b25d-a025f3d228b5?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/simpleshop-cz/trunk/src/Settings.php?rev=3019145#L341", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3080151%40simpleshop-cz&new=3080151%40simpleshop-cz&sfp_email=&sfph_mail=", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4dc39c47-3b99-4e43-b25d-a025f3d228b5?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/simpleshop-cz/trunk/src/Settings.php?rev=3019145#L341", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3080151%40simpleshop-cz&new=3080151%40simpleshop-cz&sfp_email=&sfph_mail=", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.170Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1229", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-16T19:13:11.812500Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:redbit_sro:simple_shop:*:*:*:*:*:*:*:*"], "vendor": "redbit_sro", "product": "simple_shop", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.10.2"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-16T19:14:53.972Z"}}], "cna": {"title": "SimpleShop <= 2.10.2 - Missing Authorization", "credits": [{"lang": "en", "type": "finder", "value": "Francesco Carlucci"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "redbitcz", "product": "SimpleShop", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.10.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-05-03T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4dc39c47-3b99-4e43-b25d-a025f3d228b5?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/simpleshop-cz/trunk/src/Settings.php?rev=3019145#L341"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3080151%40simpleshop-cz&new=3080151%40simpleshop-cz&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The SimpleShop plugin for WordPress is vulnerable to unauthorized disconnection from SimpleShop due to a missing capability check on the maybe_disconnect_simpleshop function in all versions up to, and including, 2.10.2. This makes it possible for unauthenticated attackers to disconnect the SimpleShop."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-05-09T20:03:25.268Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1229", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:33:25.170Z", "dateReserved": "2024-02-05T15:42:50.346Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-05-09T20:03:25.268Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "The SimpleShop plugin for WordPress is vulnerable to unauthorized disconnection from SimpleShop due to a missing capability check on the maybe_disconnect_simpleshop function in all versions up to, and including, 2.10.2. This makes it possible for unauthenticated attackers to disconnect the SimpleShop."}, {"lang": "es", "value": "El complemento SimpleShop para WordPress es vulnerable a la desconexi\u00f3n no autorizada de SimpleShop debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n Maybe_disconnect_simpleshop en todas las versiones hasta la 2.10.2 incluida. Esto hace posible que atacantes no autenticados desconecten SimpleShop."}], "id": "CVE-2024-1229", "lastModified": "2024-11-21T08:50:06.520", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-05-14T14:45:42.160", "references": [{"source": "[email protected]", "url": "https://plugins.trac.wordpress.org/browser/simpleshop-cz/trunk/src/Settings.php?rev=3019145#L341"}, {"source": "[email protected]", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3080151%40simpleshop-cz&new=3080151%40simpleshop-cz&sfp_email=&sfph_mail="}, {"source": "[email protected]", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4dc39c47-3b99-4e43-b25d-a025f3d228b5?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/browser/simpleshop-cz/trunk/src/Settings.php?rev=3019145#L341"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3080151%40simpleshop-cz&new=3080151%40simpleshop-cz&sfp_email=&sfph_mail="}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4dc39c47-3b99-4e43-b25d-a025f3d228b5?source=cve"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis"}