Vulnerability in Starbox Author Box for Humans Plugin Allows Subscribers to View Plugin Preferences and Potentially Other User Settings
CVE-2024-0366

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Starbox – The Author Box For Humans
Vendor: CVE Published:; 5 February 2024

What is CVE-2024-0366?

The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences and potentially other user settings.

Affected Version(s)

Starbox – the Author Box for Humans * <= 3.4.7

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/starbox/trunk/...

https://plugins.trac.wordpress.org/changeset/3028775/star...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 5, 2024
Vulnerability Reserved
Jan 9, 2024

WordPress

What is CVE-2024-0366?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit