CVE-2024-34821 (GCVE-0-2024-34821)
Vulnerability from cvelistv5 – Published: 2024-06-11 16:03 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress Contact List plugin <= 2.9.87 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in Anssi Laitila Contact List contact-list.This issue affects Contact List: from n/a through <= 2.9.87.
Severity
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Anssi Laitila | Contact List |
Affected:
0 , ≤ 2.9.87
(custom)
|
Date Public
2026-04-01 16:25
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:tammersoft:contact_list:0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "contact_list",
"vendor": "tammersoft",
"versions": [
{
"lessThanOrEqual": "2.9.87",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34821",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T17:47:32.747339Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T17:49:41.049Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:22.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/contact-list/wordpress-contact-list-plugin-2-9-87-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "contact-list",
"product": "Contact List",
"vendor": "Anssi Laitila",
"versions": [
{
"changes": [
{
"at": "2.9.88",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.9.87",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dhabaleshwar Das | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:25:55.914Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Anssi Laitila Contact List contact-list.\u003cp\u003eThis issue affects Contact List: from n/a through \u003c= 2.9.87.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Anssi Laitila Contact List contact-list.This issue affects Contact List: from n/a through \u003c= 2.9.87."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:51.576Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/contact-list/vulnerability/wordpress-contact-list-plugin-2-9-87-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress Contact List plugin \u003c= 2.9.87 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-34821",
"datePublished": "2024-06-11T16:03:58.318Z",
"dateReserved": "2024-05-09T12:39:22.883Z",
"dateUpdated": "2026-04-28T16:09:51.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-34821",
"date": "2026-05-29",
"epss": "0.00111",
"percentile": "0.29282"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-34821\",\"sourceIdentifier\":\"audit@patchstack.com\",\"published\":\"2024-06-11T16:15:28.280\",\"lastModified\":\"2026-04-23T15:18:27.680\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Missing Authorization vulnerability in Anssi Laitila Contact List contact-list.This issue affects Contact List: from n/a through \u003c= 2.9.87.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de falta de autorizaci\u00f3n en Contact List PRO Contact List \u2013 Easy Business Directory, Staff Directory and Address Book Plugin. Este problema afecta a Contact List \u2013 Easy Business Directory, Staff Directory and Address Book Plugin: desde n/a hasta 2.9.87.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"audit@patchstack.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"audit@patchstack.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:contactlistpro:contact_list:*:*:*:*:*:wordpress:*:*\",\"versionEndExcluding\":\"2.9.88\",\"matchCriteriaId\":\"4D3D2BBA-2DE2-4871-A587-5D18489A6DE1\"}]}]}],\"references\":[{\"url\":\"https://patchstack.com/database/Wordpress/Plugin/contact-list/vulnerability/wordpress-contact-list-plugin-2-9-87-broken-access-control-vulnerability?_s_id=cve\",\"source\":\"audit@patchstack.com\"},{\"url\":\"https://patchstack.com/database/vulnerability/contact-list/wordpress-contact-list-plugin-2-9-87-broken-access-control-vulnerability?_s_id=cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://patchstack.com/database/vulnerability/contact-list/wordpress-contact-list-plugin-2-9-87-broken-access-control-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T02:59:22.617Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-34821\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-11T17:47:32.747339Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:tammersoft:contact_list:0:*:*:*:*:*:*:*\"], \"vendor\": \"tammersoft\", \"product\": \"contact_list\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.9.87\"}], \"defaultStatus\": \"affected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-11T17:49:34.428Z\"}}], \"cna\": {\"title\": \"WordPress Contact List plugin \u003c= 2.9.87 - Broken Access Control vulnerability\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Dhabaleshwar Das (Patchstack Alliance)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Contact List PRO\", \"product\": \"Contact List \\u2013 Easy Business Directory, Staff Directory and Address Book Plugin\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"2.9.88\", \"status\": \"unaffected\"}], \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.9.87\"}], \"packageName\": \"contact-list\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update to 2.9.88 or a higher version.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Update to 2.9.88 or a higher version.\", \"base64\": false}]}], \"references\": [{\"url\": \"https://patchstack.com/database/vulnerability/contact-list/wordpress-contact-list-plugin-2-9-87-broken-access-control-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Missing Authorization vulnerability in Contact List PRO Contact List \\u2013 Easy Business Directory, Staff Directory and Address Book Plugin.This issue affects Contact List \\u2013 Easy Business Directory, Staff Directory and Address Book Plugin: from n/a through 2.9.87.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Missing Authorization vulnerability in Contact List PRO Contact List \\u2013 Easy Business Directory, Staff Directory and Address Book Plugin.\u003cp\u003eThis issue affects Contact List \\u2013 Easy Business Directory, Staff Directory and Address Book Plugin: from n/a through 2.9.87.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-862\", \"description\": \"CWE-862 Missing Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"21595511-bba5-4825-b968-b78d1f9984a3\", \"shortName\": \"Patchstack\", \"dateUpdated\": \"2024-06-11T16:03:58.318Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-34821\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T02:59:22.617Z\", \"dateReserved\": \"2024-05-09T12:39:22.883Z\", \"assignerOrgId\": \"21595511-bba5-4825-b968-b78d1f9984a3\", \"datePublished\": \"2024-06-11T16:03:58.318Z\", \"assignerShortName\": \"Patchstack\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…