CVE-2024-1937
CVE-2024-1937
Título es
CVE-2024-1937
Mar, 16/07/2024 – 09:15
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2024-1937
Descripción en
The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_item' function in all versions up to, and including, 2.4.44. This makes it possible for authenticated attackers, with contributor access and above, to modify the content of arbitrary published posts, which includes the ability to insert malicious JavaScript.
16/07/2024
16/07/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Gravedad 3.1 (CVSS 3.1 Base Score)
7.10
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH
Referencias
Enviar en el boletín
Off
