Unauthorized Access to Sensitive Information via Inadequate ACLs
CVE-2024-38749

7.5 HIGH

Key Information:

Vendor: WordPress
CVE Published: 13 August 2024

What is CVE-2024-38749?

The Olive One Click Demo Import plugin by Olive Themes does not properly constrain some of its functionality with Access Control Lists (ACLs). Unauthorized individuals can therefore reach that functionality and potentially access sensitive data, putting data privacy and security at risk in affected applications. All versions up to and including 1.1.2 are affected.

Affected Version(s)

Olive One Click Demo Import <= 1.1.2

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Peng Zhou (Patchstack Alliance)