Search criteria
4 vulnerabilities found for ConvertPlug by Brainstorm Force
CVE-2024-3240 (GCVE-0-2024-3240)
Vulnerability from nvd – Published: 2024-05-04 03:31 – Updated: 2024-08-01 20:05
VLAI?
Summary
The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_info_bar' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Severity ?
8.8 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Brainstorm Force | ConvertPlug |
Affected:
* , ≤ 3.5.25
(semver)
|
Credits
1337_Wannabe
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:brainstormforce:convertplug:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "convertplug",
"vendor": "brainstormforce",
"versions": [
{
"lessThanOrEqual": "3.5.25",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3240",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T15:15:04.382028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T17:21:29.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:08.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fca3259b-bf0e-4b4a-815f-1eb399b8b674?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.convertplug.com/plus/product/convertplug/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ConvertPlug",
"vendor": "Brainstorm Force",
"versions": [
{
"lessThanOrEqual": "3.5.25",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "1337_Wannabe"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the \u0027settings_encoded\u0027 attribute of the \u0027smile_info_bar\u0027 shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-04T03:31:03.810Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fca3259b-bf0e-4b4a-815f-1eb399b8b674?source=cve"
},
{
"url": "https://www.convertplug.com/plus/product/convertplug/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-03T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-3240",
"datePublished": "2024-05-04T03:31:03.810Z",
"dateReserved": "2024-04-02T20:02:49.946Z",
"dateUpdated": "2024-08-01T20:05:08.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3237 (GCVE-0-2024-3237)
Vulnerability from nvd – Published: 2024-05-04 03:31 – Updated: 2024-08-01 20:05
VLAI?
Summary
The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to true.
Severity ?
5.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Brainstorm Force | ConvertPlug |
Affected:
* , ≤ 3.5.25
(semver)
|
Credits
Mohamed Awad
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3237",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T20:48:19.778813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:31:41.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:08.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0cd72420-dca1-455d-92a6-a178b4b26eab?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.convertplug.com/plus/product/convertplug/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ConvertPlug",
"vendor": "Brainstorm Force",
"versions": [
{
"lessThanOrEqual": "3.5.25",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mohamed Awad"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to true."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-04T03:31:03.130Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0cd72420-dca1-455d-92a6-a178b4b26eab?source=cve"
},
{
"url": "https://www.convertplug.com/plus/product/convertplug/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-03T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-3237",
"datePublished": "2024-05-04T03:31:03.130Z",
"dateReserved": "2024-04-02T19:36:08.834Z",
"dateUpdated": "2024-08-01T20:05:08.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3240 (GCVE-0-2024-3240)
Vulnerability from cvelistv5 – Published: 2024-05-04 03:31 – Updated: 2024-08-01 20:05
VLAI?
Summary
The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_info_bar' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Severity ?
8.8 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Brainstorm Force | ConvertPlug |
Affected:
* , ≤ 3.5.25
(semver)
|
Credits
1337_Wannabe
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:brainstormforce:convertplug:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "convertplug",
"vendor": "brainstormforce",
"versions": [
{
"lessThanOrEqual": "3.5.25",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3240",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T15:15:04.382028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T17:21:29.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:08.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fca3259b-bf0e-4b4a-815f-1eb399b8b674?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.convertplug.com/plus/product/convertplug/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ConvertPlug",
"vendor": "Brainstorm Force",
"versions": [
{
"lessThanOrEqual": "3.5.25",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "1337_Wannabe"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the \u0027settings_encoded\u0027 attribute of the \u0027smile_info_bar\u0027 shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-04T03:31:03.810Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fca3259b-bf0e-4b4a-815f-1eb399b8b674?source=cve"
},
{
"url": "https://www.convertplug.com/plus/product/convertplug/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-03T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-3240",
"datePublished": "2024-05-04T03:31:03.810Z",
"dateReserved": "2024-04-02T20:02:49.946Z",
"dateUpdated": "2024-08-01T20:05:08.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3237 (GCVE-0-2024-3237)
Vulnerability from cvelistv5 – Published: 2024-05-04 03:31 – Updated: 2024-08-01 20:05
VLAI?
Summary
The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to true.
Severity ?
5.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Brainstorm Force | ConvertPlug |
Affected:
* , ≤ 3.5.25
(semver)
|
Credits
Mohamed Awad
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3237",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T20:48:19.778813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:31:41.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:08.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0cd72420-dca1-455d-92a6-a178b4b26eab?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.convertplug.com/plus/product/convertplug/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ConvertPlug",
"vendor": "Brainstorm Force",
"versions": [
{
"lessThanOrEqual": "3.5.25",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mohamed Awad"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to true."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-04T03:31:03.130Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0cd72420-dca1-455d-92a6-a178b4b26eab?source=cve"
},
{
"url": "https://www.convertplug.com/plus/product/convertplug/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-03T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-3237",
"datePublished": "2024-05-04T03:31:03.130Z",
"dateReserved": "2024-04-02T19:36:08.834Z",
"dateUpdated": "2024-08-01T20:05:08.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}