CVE-2024-3961

The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_subscriber function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to subscribe users to tags. Financial damages may occur to site owners if their API quota is exceeded.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3104932%40convertkit%2Ftrunk&old=3085997%40convertkit%2Ftrunk&sfp_email=&sfph_mail=	Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/79d828b8-aea2-4705-ae23-ac70133a6c3e?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:convertkit:convertkit_-_email_marketing\,_email_newsletter_and_landing_pages:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2024-06-21 04:15

Updated : 2024-07-17 13:32

NVD link : CVE-2024-3961

Mitre link : CVE-2024-3961

CVE.ORG link : CVE-2024-3961

JSON object : View

Products Affected

convertkit

convertkit_-_email_marketing\,_email_newsletter_and_landing_pages

CWE

CWE-862

Missing Authorization

{"id": "CVE-2024-3961", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-06-21T04:15:11.283", "references": [{"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3104932%40convertkit%2Ftrunk&old=3085997%40convertkit%2Ftrunk&sfp_email=&sfph_mail=", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/79d828b8-aea2-4705-ae23-ac70133a6c3e?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The ConvertKit \u2013 Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_subscriber function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to subscribe users to tags. Financial damages may occur to site owners if their API quota is exceeded."}, {"lang": "es", "value": "El complemento ConvertKit \u2013 Email Newsletter, Email Marketing, Subscribers and Landing Pages para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n tag_subscriber en todas las versiones hasta la 2.4.9 incluida. Esto hace posible que atacantes no autenticados suscriban usuarios a etiquetas. Los propietarios de sitios pueden sufrir da\u00f1os financieros si se excede su cuota de API."}], "lastModified": "2024-07-17T13:32:37.647", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:convertkit:convertkit_-_email_marketing\\,_email_newsletter_and_landing_pages:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "158565D9-03C1-42E9-90CE-371603FA7393", "versionEndExcluding": "2.4.9.1"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}