CVE-2024-6695

{"id": "CVE-2024-6695", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-07-31T06:15:04.237", "references": [{"url": "https://wpscan.com/vulnerability/4afa5c85-ce27-4ca7-bba2-61fb39c53a5b/", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process."}, {"lang": "es", "value": " Es posible que un atacante obtenga acceso administrativo sin tener ning\u00fan tipo de cuenta en el sitio objetivo y realice acciones no autorizadas. Esto se debe a un flujo l\u00f3gico inadecuado en el proceso de registro de usuarios."}], "lastModified": "2026-01-02T20:18:13.287", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "EC720AB1-5146-4426-89D3-A6C0A09E456C", "versionEndExcluding": "3.11.9"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}