5.3

CVE-2024-32792

WordPress Hummingbird plugin <= 3.7.3 - Broken Access Control vulnerability

Hummingbird <= 3.7.3 - Missing Authorization

Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hummingbird hummingbird-performance.This issue affects Hummingbird: from n/a through <= 3.7.3.
Mögliche Gegenmaßnahme
Hummingbird Performance – Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript | CDN: Update to version 3.7.4, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IncsubHummingbird SwPlatformwordpress Version < 3.7.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Hummingbird Performance – Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript | CDN
Version *-3.7.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.198
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
audit@patchstack.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://patchstack.com/database/vulnerability/hummingbird-performance/wordpress-hummingbird-plugin-3-7-3-broken-access-control-vulnerability?_s_id=cve
Third Party Advisory
https://patchstack.com/database/Wordpress/Plugin/hummingbird-performance/vulnerability/wordpress-hummingbird-plugin-3-7-3-broken-access-control-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/0bd35ef1-ed28-44db-a1f6-74bc83974c71
Third Party Advisory