In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between December 14-15, 2024.
During this period, the National Vulnerability Database published 50 new Common Vulnerabilities and Exposures (CVEs), classified by CVSS base severity as follows:
Critical: 0
High: 7
Medium: 42
Low: 0
Severity Not Assigned: 1
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
The entries below cover the High severity vulnerabilities from this window (none were rated Critical), each with its CVSS base score and the exploitability and impact sub-scores that make it up.
1. CVE-2024-9698
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'process_uploaded_files' function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
References: https://plugins.trac.wordpress.org/browser/crafthemes-demo-import/trunk/inc/Helpers.php#L421
https://www.wordfence.com/threat-intel/vulnerabilities/id/e44dd0e8-e6e7-4a2d-b9ca-abd1de273092?source=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
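The bug class behind CVE-2024-9698 is CWE-434: an upload handler that never checks what kind of file it is storing. The following PHP is an added example written for this digest, not the plugin's code. It assumes the WordPress runtime (current_user_can, wp_check_filetype_and_ext, wp_handle_upload, WP_Error); the two-entry allow-list is an assumption about what a demo import needs.

```php
<?php
// Added example, not the plugin's code. Assumes the WordPress runtime
// (current_user_can, wp_check_filetype_and_ext, wp_handle_upload, WP_Error).
// The allow-list below is an assumption about what a demo import needs.

// Vulnerable pattern: the file is written under the uploads directory using
// the client-supplied name and no type check, so "theme-demo.php" lands in a
// web-reachable directory and executes on the next request for it.
function demo_import_store_unsafe(array $file): string {
    $dest = wp_upload_dir()['path'] . '/' . basename($file['name']);
    move_uploaded_file($file['tmp_name'], $dest);
    return $dest;
}

// Hardened pattern. The capability check alone would not have closed this
// bug (the attacker in the advisory already holds Administrator); what does
// is a closed allow-list of types plus a content check, enforced server-side.
function demo_import_store_safe(array $file) {
    if (!current_user_can('import')) {
        return new WP_Error('forbidden', 'Insufficient privileges.');
    }
    if (!isset($file['tmp_name'], $file['name']) || !is_uploaded_file($file['tmp_name'])) {
        return new WP_Error('bad_upload', 'No uploaded file.');
    }
    // Only the archive and export types a demo import can actually consume.
    $allowed = [
        'zip' => 'application/zip',
        'xml' => 'text/xml',
    ];
    // Checks the extension against $allowed and compares it with the MIME type
    // libmagic infers from the file's contents; both must agree or both are false.
    $check = wp_check_filetype_and_ext($file['tmp_name'], $file['name'], $allowed);
    if (empty($check['ext']) || empty($check['type'])) {
        return new WP_Error('bad_type', 'File type not permitted for demo import.');
    }
    // wp_handle_upload() applies the same list again, sanitises the filename
    // and picks a non-colliding name. 'test_form' is off because this is not
    // the core media uploader's form.
    $result = wp_handle_upload($file, ['test_form' => false, 'mimes' => $allowed]);
    if (isset($result['error'])) {
        return new WP_Error('upload_failed', $result['error']);
    }
    return $result['file'];    // absolute path of the stored file
}
```

Note that the type check is the control that matters here, since the affected role is Administrator; as defense in depth, the web server should also refuse to execute scripts from wp-content/uploads.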
2. CVE-2024-10646
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References: https://plugins.trac.wordpress.org/browser/fluentform/tags/5.2.4
https://plugins.trac.wordpress.org/changeset/3203147/fluentform/trunk/boot/globals.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/41c2ec31-360d-4145-b0b4-77d4d1d4b8a1?source=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-11711
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'resumeid' parameter in all versions up to, and including, 2.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://gist.github.com/g1-nhantv/b388ef3b4ff57c69f719c363d7fea399#file-resume_model-php-L35
https://plugins.trac.wordpress.org/changeset/3202327/wp-job-portal/tags/2.2.3/modules/resume/model.php?old=3187129&old_path=wp-job-portal%2Ftags%2F2.2.2%2Fmodules%2Fresume%2Fmodel.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/5d8961fd-68ac-4a10-ab26-cfcda27c18e8?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
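CVE-2024-11711 is the classic CWE-89 shape: a request parameter concatenated into a query string. The PHP below is an added example for this digest, not the plugin's code; it assumes the WordPress runtime ($wpdb, absint, sanitize_title) and uses the placeholder table name job_resume.

```php
<?php
// Added example, not the plugin's code. Assumes the WordPress runtime ($wpdb,
// absint, sanitize_title). "job_resume" is a placeholder table name.

// Vulnerable pattern: the request value is concatenated into the query, so
// resumeid=0 UNION SELECT ... runs attacker-chosen SQL as the site's DB user.
function get_resume_unsafe(string $resumeid) {
    global $wpdb;
    $sql = "SELECT * FROM {$wpdb->prefix}job_resume WHERE id = " . $resumeid;
    return $wpdb->get_row($sql);
}

// Hardened pattern: cast to the type the column actually has, then bind it
// through $wpdb->prepare() so the value can never change the query's shape.
function get_resume_safe($resumeid) {
    global $wpdb;
    $id = absint($resumeid);          // "0 UNION SELECT ..." becomes 0
    if ($id === 0) {
        return null;                  // no such row; do not query at all
    }
    $table = $wpdb->prefix . 'job_resume';
    $sql   = $wpdb->prepare("SELECT * FROM {$table} WHERE id = %d", $id);
    return $wpdb->get_row($sql);
}

// When the column is a string, bind it with %s; when a table or column name
// must vary, use %i (WordPress 6.2+) rather than interpolating it. LIKE
// patterns need $wpdb->esc_like() so user wildcards are matched literally.
function find_resume_by_slug(string $slug) {
    global $wpdb;
    $like = '%' . $wpdb->esc_like(sanitize_title($slug)) . '%';
    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, title FROM %i WHERE slug LIKE %s",
            $wpdb->prefix . 'job_resume',
            $like
        )
    );
}
```

The casting step is what makes the unauthenticated case harmless: an integer placeholder cannot carry a second statement, and rejecting id 0 avoids a wasted query for obviously bad input.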
4. CVE-2024-11720
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via submission forms in all versions up to, and including, 3.24.5 due to insufficient input sanitization and output escaping on the new Taxonomy form. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This is only exploitable when lower-level users have been granted access to submit specific forms, which is disabled by default.
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3204192%40acf-frontend-form-element&new=3204192%40acf-frontend-form-element&sfp_email=&sfph_mail=#file32
https://www.wordfence.com/threat-intel/vulnerabilities/id/69a464f4-c357-446f-a5b8-0919d9af56c9?source=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
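CVE-2024-10646 and CVE-2024-11720 are both stored XSS (CWE-79) in front-end form input that is later rendered to other users. One added example serves both; it is written for this digest, not taken from either plugin, and assumes the WordPress runtime (post meta, sanitize_text_field, esc_html, esc_attr, wp_kses_post, wp_insert_term). Field names such as form_subject and term_name are placeholders.

```php
<?php
// Added example, not code from either plugin. Assumes the WordPress runtime.
// Field names (form_subject, description, term_name) are placeholders.

// Vulnerable pattern: raw request data is stored, then echoed into HTML.
// A submitted subject of <img src=x onerror=...> runs in the browser of every
// administrator who opens the submissions list.
function save_subject_unsafe(int $entry_id): void {
    update_post_meta($entry_id, 'form_subject', $_POST['subject']);
}
function render_subject_unsafe(int $entry_id): void {
    echo '<td>' . get_post_meta($entry_id, 'form_subject', true) . '</td>';
}

// Hardened pattern, part 1: sanitize on the way in. sanitize_text_field()
// strips tags and control characters; wp_unslash() first undoes WordPress's
// magic-quotes slashing so the stored value is what the user typed.
function save_subject_safe(int $entry_id): void {
    $subject = isset($_POST['subject'])
        ? sanitize_text_field(wp_unslash($_POST['subject']))
        : '';
    update_post_meta($entry_id, 'form_subject', $subject);
}

// Part 2: escape on the way out, for the exact context the value lands in.
// Sanitizing at save time is not enough on its own: rows written by older
// plugin versions, imports or other code paths are still in the database.
function render_subject_safe(int $entry_id): void {
    $subject = (string) get_post_meta($entry_id, 'form_subject', true);
    echo '<td class="subject" data-subject="' . esc_attr($subject) . '">'
        . esc_html($subject)
        . '</td>';
}

// Where a field legitimately carries limited markup (a description), filter
// it with a kses allow-list instead of stripping everything.
function save_description_safe(int $entry_id): void {
    $html = wp_kses_post(wp_unslash($_POST['description'] ?? ''));
    update_post_meta($entry_id, 'description', $html);
}

// The taxonomy-form variant (CVE-2024-11720): a term name created from
// front-end input is sanitized before wp_insert_term(), and the same
// esc_html() rule applies wherever the term name is later printed.
function create_term_from_form_safe(string $taxonomy) {
    $name = sanitize_text_field(wp_unslash($_POST['term_name'] ?? ''));
    if ($name === '' || !taxonomy_exists($taxonomy)) {
        return new WP_Error('bad_term', 'Invalid term.');
    }
    return wp_insert_term($name, $taxonomy);
}
```

The output side is the part most often missed: esc_html() for element content, esc_attr() for attribute values, and esc_url() or esc_js() for those contexts. Using the wrong escaper for the context leaves the hole open even when the input was sanitized.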
5. CVE-2024-11721
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form.
References: https://plugins.trac.wordpress.org/changeset/3204192/acf-frontend-form-element/trunk/main/frontend/fields/user/class-role.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/e9fdc833-8384-42c0-ad9b-72e5b6351964?source=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
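CVE-2024-11721 is CWE-269 in its most common web form: the role a new account receives is read from the request, so the options the site owner put in the select box are only a suggestion. The PHP below is an added example for this digest, not the plugin's code; it assumes the WordPress runtime (wp_roles, wp_insert_user, current_user_can, sanitize_* helpers), and $form_allowed_roles stands in for whatever roles the form's Role field was configured to offer.

```php
<?php
// Added example, not the plugin's code. Assumes the WordPress runtime.
// $form_allowed_roles is a placeholder for the roles the site owner exposed
// in the form's Role field.

// Vulnerable pattern: the role comes from the POST body. Even if the <select>
// only listed "subscriber", an attacker edits the request to role=administrator.
function register_from_form_unsafe(array $req) {
    return wp_insert_user([
        'user_login' => $req['user_login'],
        'user_email' => $req['user_email'],
        'user_pass'  => $req['user_pass'],
        'role'       => $req['role'],
    ]);
}

// Hardened pattern: the set of assignable roles is decided server-side, never
// includes administrator for a front-end form, shrinks to the default role for
// anonymous submitters, and the posted value is checked against that set.
function assignable_roles(array $form_allowed_roles): array {
    $known  = array_keys(wp_roles()->roles);   // roles that exist on this site
    $denied = ['administrator'];                // never assignable from the front end
    $roles  = array_diff(array_intersect($form_allowed_roles, $known), $denied);
    if (!is_user_logged_in() || !current_user_can('promote_users')) {
        // Anonymous users, and users who may not promote others, only ever
        // get the site's default role, whatever the select box offered.
        $roles = array_intersect($roles, [get_option('default_role', 'subscriber')]);
    }
    return array_values($roles);
}

function register_from_form_safe(array $req, array $form_allowed_roles) {
    $role = sanitize_key($req['role'] ?? '');
    if (!in_array($role, assignable_roles($form_allowed_roles), true)) {
        return new WP_Error('bad_role', 'That role cannot be assigned through this form.');
    }
    $login = sanitize_user($req['user_login'] ?? '', true);
    $email = sanitize_email($req['user_email'] ?? '');
    $pass  = (string) ($req['user_pass'] ?? '');
    if ($login === '' || !is_email($email) || $pass === '') {
        return new WP_Error('bad_input', 'Invalid username, e-mail or password.');
    }
    return wp_insert_user([
        'user_login' => $login,
        'user_email' => $email,
        'user_pass'  => $pass,
        'role'       => $role,
    ]);   // int user ID on success, WP_Error on failure
}
```

The check is deliberately an intersection of three server-side facts (configured for this form, exists on this site, permitted for this caller); the client's role value only selects among what is left.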
6. CVE-2024-31891
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can elevate privileges to gain root access to the host operating system.
References: https://www.ibm.com/support/pages/node/7178098
CWE-ID: CWE-250
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-31892
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements.
References: https://www.ibm.com/support/pages/node/7178098
CWE-ID: CWE-1236
Common Platform Enumerations (CPE): Not Found
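CVE-2024-31892 is CSV formula injection (CWE-1236): a value that begins with a formula trigger is evaluated when a spreadsheet opens the file, or is accepted by an importer that should have treated it as text. The PHP below is a generic added example for this digest, not IBM's code, showing both the export-side neutralisation and an import-side check; the sample rows are constructed for the example.

```php
<?php
// Added example, not IBM's code. Generic CWE-1236 handling for any application
// that exports or imports CSV containing user-controlled text. The sample rows
// below are constructed for this example.

// Leading characters that spreadsheet applications treat as the start of a
// formula (tab and carriage return let a formula start after them once the
// cell is split).
const CSV_FORMULA_TRIGGERS = ['=', '+', '-', '@', "\t", "\r"];

function csv_cell_is_formula(string $value): bool {
    if ($value === '' || is_numeric($value)) {
        return false;                 // "-500" is a number, not a formula
    }
    return in_array($value[0], CSV_FORMULA_TRIGGERS, true);
}

// Neutralise a cell on export: a leading apostrophe makes spreadsheet
// applications read the cell as literal text. fputcsv() still quotes the field
// and doubles embedded quotes, so the CSV itself stays well-formed.
function csv_neutralize_cell($value): string {
    $value = (string) $value;
    return csv_cell_is_formula($value) ? "'" . $value : $value;
}

function csv_export_safe($stream, array $rows): void {
    foreach ($rows as $row) {
        // Explicit empty $escape: RFC 4180 quoting, no backslash special-casing.
        fputcsv($stream, array_map('csv_neutralize_cell', $row), ',', '"', '');
    }
}

// On import, do not try to "clean" a file that may have been tampered with in
// transit; reject it and report the offending cells so an operator can look.
function csv_import_check($stream): array {
    $problems = [];
    $line = 0;
    while (($row = fgetcsv($stream, null, ',', '"', '')) !== false) {
        $line++;
        foreach ($row as $col => $cell) {
            if ($cell !== null && csv_cell_is_formula($cell)) {
                $problems[] = sprintf('line %d, column %d: %s', $line, $col + 1, $cell);
            }
        }
    }
    return $problems;
}

// Constructed sample: a header, an honest row with a negative number, and a
// row carrying formula triggers in two text cells.
$rows = [
    ['user', 'quota_gb', 'note'],
    ['alice', '-500', 'over quota'],
    ['=HYPERLINK("https://attacker.example/","open")', '10', '@import'],
];

$out = fopen('php://memory', 'r+');
csv_export_safe($out, $rows);
rewind($out);
echo stream_get_contents($out);        // the two formula cells now start with '
rewind($out);
var_dump(csv_import_check($out));      // empty array: the neutralised file passes

$tampered = fopen('php://memory', 'r+');
fputcsv($tampered, $rows[2], ',', '"', '');
rewind($tampered);
var_dump(csv_import_check($tampered)); // reports line 1, columns 1 and 3
```

The is_numeric() guard is the caveat most sanitisers get wrong: without it, every negative number in the export becomes a quoted string and breaks downstream arithmetic.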