Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for iPanorama 360 WordPress Virtual Tour Builder by Avirtum

    CVE-2024-38690 (GCVE-0-2024-38690)

    Vulnerability from nvd – Published: 2024-11-01 14:18 – Updated: 2026-04-28 16:10
    VLAI
    Title
    WordPress iPanorama 360 plugin <= 1.8.3 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.3.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Avirtum iPanorama 360 WordPress Virtual Tour Builder Affected: n/a , ≤ 1.8.3 (custom)
    Create a notification for this product.
    ipanorama_360_wordpress_virtual_tour_builder_project ipanorama_360_wordpress_virtual_tour_builder Affected: 0 , ≤ 1.8.3 (custom)
        cpe:2.3:a:ipanorama_360_wordpress_virtual_tour_builder_project:ipanorama_360_wordpress_virtual_tour_builder:-:*:*:*:*:wordpress:*:*
    Create a notification for this product.
    Credits
    Steven Julian (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ipanorama_360_wordpress_virtual_tour_builder_project:ipanorama_360_wordpress_virtual_tour_builder:-:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "ipanorama_360_wordpress_virtual_tour_builder",
                "vendor": "ipanorama_360_wordpress_virtual_tour_builder_project",
                "versions": [
                  {
                    "lessThanOrEqual": "1.8.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-38690",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-01T18:25:36.604151Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T18:28:26.844Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "ipanorama-360-virtual-tour-builder-lite",
              "product": "iPanorama 360 WordPress Virtual Tour Builder",
              "vendor": "Avirtum",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.8.4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.8.3",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Steven Julian (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.3.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.3."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:10:04.782Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/ipanorama-360-virtual-tour-builder-lite/wordpress-ipanorama-360-plugin-1-8-3-broken-access-control-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to 1.8.4 or a higher version."
                }
              ],
              "value": "Update to 1.8.4 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress iPanorama 360 plugin \u003c= 1.8.3 - Broken Access Control vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2024-38690",
        "datePublished": "2024-11-01T14:18:09.345Z",
        "dateReserved": "2024-06-19T11:15:58.115Z",
        "dateUpdated": "2026-04-28T16:10:04.782Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-33941 (GCVE-0-2024-33941)

    Vulnerability from nvd – Published: 2024-05-03 07:26 – Updated: 2026-04-28 16:09
    VLAI
    Title
    WordPress iPanorama 360 plugin <= 1.8.1 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.1.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Avirtum iPanorama 360 WordPress Virtual Tour Builder Affected: n/a , ≤ 1.8.1 (custom)
    Create a notification for this product.
    ipanorama_360_wordpress_virtual_tour_builder_project ipanorama_360_wordpress_virtual_tour_builder Affected: 0 , ≤ 1.8.1 (custom)
        cpe:2.3:a:ipanorama_360_wordpress_virtual_tour_builder_project:ipanorama_360_wordpress_virtual_tour_builder:-:*:*:*:*:wordpress:*:*
    Create a notification for this product.
    Credits
    Dhabaleshwar Das (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ipanorama_360_wordpress_virtual_tour_builder_project:ipanorama_360_wordpress_virtual_tour_builder:-:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ipanorama_360_wordpress_virtual_tour_builder",
                "vendor": "ipanorama_360_wordpress_virtual_tour_builder_project",
                "versions": [
                  {
                    "lessThanOrEqual": "1.8.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-33941",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-03T17:41:45.753375Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T18:29:31.073Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:42:59.662Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/ipanorama-360-virtual-tour-builder-lite/wordpress-ipanorama-360-plugin-1-8-1-broken-access-control-vulnerability?_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "ipanorama-360-virtual-tour-builder-lite",
              "product": "iPanorama 360 WordPress Virtual Tour Builder",
              "vendor": "Avirtum",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.8.2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.8.1",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Dhabaleshwar Das (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder.\u003cp\u003eThis issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.1.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:09:46.905Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/ipanorama-360-virtual-tour-builder-lite/wordpress-ipanorama-360-plugin-1-8-1-broken-access-control-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to 1.8.2 or a higher version."
                }
              ],
              "value": "Update to 1.8.2 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress iPanorama 360 plugin \u003c= 1.8.1 - Broken Access Control vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2024-33941",
        "datePublished": "2024-05-03T07:26:32.006Z",
        "dateReserved": "2024-04-29T08:10:25.154Z",
        "dateUpdated": "2026-04-28T16:09:46.905Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-38690 (GCVE-0-2024-38690)

    Vulnerability from cvelistv5 – Published: 2024-11-01 14:18 – Updated: 2026-04-28 16:10
    VLAI
    Title
    WordPress iPanorama 360 plugin <= 1.8.3 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.3.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Avirtum iPanorama 360 WordPress Virtual Tour Builder Affected: n/a , ≤ 1.8.3 (custom)
    Create a notification for this product.
    ipanorama_360_wordpress_virtual_tour_builder_project ipanorama_360_wordpress_virtual_tour_builder Affected: 0 , ≤ 1.8.3 (custom)
        cpe:2.3:a:ipanorama_360_wordpress_virtual_tour_builder_project:ipanorama_360_wordpress_virtual_tour_builder:-:*:*:*:*:wordpress:*:*
    Create a notification for this product.
    Credits
    Steven Julian (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ipanorama_360_wordpress_virtual_tour_builder_project:ipanorama_360_wordpress_virtual_tour_builder:-:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "ipanorama_360_wordpress_virtual_tour_builder",
                "vendor": "ipanorama_360_wordpress_virtual_tour_builder_project",
                "versions": [
                  {
                    "lessThanOrEqual": "1.8.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-38690",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-01T18:25:36.604151Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T18:28:26.844Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "ipanorama-360-virtual-tour-builder-lite",
              "product": "iPanorama 360 WordPress Virtual Tour Builder",
              "vendor": "Avirtum",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.8.4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.8.3",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Steven Julian (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.3.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.3."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:10:04.782Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/ipanorama-360-virtual-tour-builder-lite/wordpress-ipanorama-360-plugin-1-8-3-broken-access-control-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to 1.8.4 or a higher version."
                }
              ],
              "value": "Update to 1.8.4 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress iPanorama 360 plugin \u003c= 1.8.3 - Broken Access Control vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2024-38690",
        "datePublished": "2024-11-01T14:18:09.345Z",
        "dateReserved": "2024-06-19T11:15:58.115Z",
        "dateUpdated": "2026-04-28T16:10:04.782Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-33941 (GCVE-0-2024-33941)

    Vulnerability from cvelistv5 – Published: 2024-05-03 07:26 – Updated: 2026-04-28 16:09
    VLAI
    Title
    WordPress iPanorama 360 plugin <= 1.8.1 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.1.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Avirtum iPanorama 360 WordPress Virtual Tour Builder Affected: n/a , ≤ 1.8.1 (custom)
    Create a notification for this product.
    ipanorama_360_wordpress_virtual_tour_builder_project ipanorama_360_wordpress_virtual_tour_builder Affected: 0 , ≤ 1.8.1 (custom)
        cpe:2.3:a:ipanorama_360_wordpress_virtual_tour_builder_project:ipanorama_360_wordpress_virtual_tour_builder:-:*:*:*:*:wordpress:*:*
    Create a notification for this product.
    Credits
    Dhabaleshwar Das (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ipanorama_360_wordpress_virtual_tour_builder_project:ipanorama_360_wordpress_virtual_tour_builder:-:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ipanorama_360_wordpress_virtual_tour_builder",
                "vendor": "ipanorama_360_wordpress_virtual_tour_builder_project",
                "versions": [
                  {
                    "lessThanOrEqual": "1.8.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-33941",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-03T17:41:45.753375Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T18:29:31.073Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:42:59.662Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/ipanorama-360-virtual-tour-builder-lite/wordpress-ipanorama-360-plugin-1-8-1-broken-access-control-vulnerability?_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "ipanorama-360-virtual-tour-builder-lite",
              "product": "iPanorama 360 WordPress Virtual Tour Builder",
              "vendor": "Avirtum",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.8.2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.8.1",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Dhabaleshwar Das (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder.\u003cp\u003eThis issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.1.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:09:46.905Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/ipanorama-360-virtual-tour-builder-lite/wordpress-ipanorama-360-plugin-1-8-1-broken-access-control-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to 1.8.2 or a higher version."
                }
              ],
              "value": "Update to 1.8.2 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress iPanorama 360 plugin \u003c= 1.8.1 - Broken Access Control vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2024-33941",
        "datePublished": "2024-05-03T07:26:32.006Z",
        "dateReserved": "2024-04-29T08:10:25.154Z",
        "dateUpdated": "2026-04-28T16:09:46.905Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }