Search criteria
2 vulnerabilities found for Language Translate Widget for WordPress – ConveyThis by ConveyThis Translate Team
CVE-2024-38792 (GCVE-0-2024-38792)
Vulnerability from nvd – Published: 2024-11-01 14:17 – Updated: 2026-04-28 16:10
VLAI
Title
WordPress ConveyThis Translate plugin <= 234 - Non-arbitrary Options Update vulnerability
Summary
Missing Authorization vulnerability in ConveyThis Translate Team Language Translate Widget for WordPress – ConveyThis allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Language Translate Widget for WordPress – ConveyThis: from n/a through 234.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/con… | vdb-entry |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ConveyThis Translate Team | Language Translate Widget for WordPress – ConveyThis |
Affected:
n/a , ≤ 234
(custom)
|
|
| conveythis | language_translate_widget_for_wordpress_conveythis |
Affected:
0 , ≤ 234
(custom)
cpe:2.3:a:conveythis:language_translate_widget_for_wordpress_conveythis:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:conveythis:language_translate_widget_for_wordpress_conveythis:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "language_translate_widget_for_wordpress_conveythis",
"vendor": "conveythis",
"versions": [
{
"lessThanOrEqual": "234",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38792",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-01T18:35:07.677749Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T18:40:01.060Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "conveythis-translate",
"product": "Language Translate Widget for WordPress \u2013 ConveyThis",
"vendor": "ConveyThis Translate Team",
"versions": [
{
"changes": [
{
"at": "235",
"status": "unaffected"
}
],
"lessThanOrEqual": "234",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Humberto Castelo Branco (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in ConveyThis Translate Team Language Translate Widget for WordPress \u2013 ConveyThis allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects Language Translate Widget for WordPress \u2013 ConveyThis: from n/a through 234.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in ConveyThis Translate Team Language Translate Widget for WordPress \u2013 ConveyThis allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Language Translate Widget for WordPress \u2013 ConveyThis: from n/a through 234."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:07.209Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/conveythis-translate/wordpress-conveythis-translate-plugin-234-non-arbitrary-options-update-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 235 or a higher version."
}
],
"value": "Update to 235 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress ConveyThis Translate plugin \u003c= 234 - Non-arbitrary Options Update vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-38792",
"datePublished": "2024-11-01T14:17:56.151Z",
"dateReserved": "2024-06-19T15:08:12.137Z",
"dateUpdated": "2026-04-28T16:10:07.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38792 (GCVE-0-2024-38792)
Vulnerability from cvelistv5 – Published: 2024-11-01 14:17 – Updated: 2026-04-28 16:10
VLAI
Title
WordPress ConveyThis Translate plugin <= 234 - Non-arbitrary Options Update vulnerability
Summary
Missing Authorization vulnerability in ConveyThis Translate Team Language Translate Widget for WordPress – ConveyThis allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Language Translate Widget for WordPress – ConveyThis: from n/a through 234.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/con… | vdb-entry |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ConveyThis Translate Team | Language Translate Widget for WordPress – ConveyThis |
Affected:
n/a , ≤ 234
(custom)
|
|
| conveythis | language_translate_widget_for_wordpress_conveythis |
Affected:
0 , ≤ 234
(custom)
cpe:2.3:a:conveythis:language_translate_widget_for_wordpress_conveythis:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:conveythis:language_translate_widget_for_wordpress_conveythis:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "language_translate_widget_for_wordpress_conveythis",
"vendor": "conveythis",
"versions": [
{
"lessThanOrEqual": "234",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38792",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-01T18:35:07.677749Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T18:40:01.060Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "conveythis-translate",
"product": "Language Translate Widget for WordPress \u2013 ConveyThis",
"vendor": "ConveyThis Translate Team",
"versions": [
{
"changes": [
{
"at": "235",
"status": "unaffected"
}
],
"lessThanOrEqual": "234",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Humberto Castelo Branco (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in ConveyThis Translate Team Language Translate Widget for WordPress \u2013 ConveyThis allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects Language Translate Widget for WordPress \u2013 ConveyThis: from n/a through 234.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in ConveyThis Translate Team Language Translate Widget for WordPress \u2013 ConveyThis allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Language Translate Widget for WordPress \u2013 ConveyThis: from n/a through 234."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:07.209Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/conveythis-translate/wordpress-conveythis-translate-plugin-234-non-arbitrary-options-update-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 235 or a higher version."
}
],
"value": "Update to 235 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress ConveyThis Translate plugin \u003c= 234 - Non-arbitrary Options Update vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-38792",
"datePublished": "2024-11-01T14:17:56.151Z",
"dateReserved": "2024-06-19T15:08:12.137Z",
"dateUpdated": "2026-04-28T16:10:07.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}