CVE-2024-5331

Published: Aug 1, 2024Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The Breakdance plugin for WordPress is vulnerable to unauthorized access of data in all versions up to, and including, 1.7.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to export form submissions.

Affected (1)

Products: Soflyy: Breakdance

Soflyy

1 product

Breakdance

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Soflyy Breakdance	Before 2.0

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://breakdance.com/breakdance-2-0-now-available/

Source: security@wordfence.com

Release Notes

https://www.wordfence.com/threat-intel/vulnerabilities/id/dbe8d453-21f0-43e2-84d3-3c520ab9c308?source=cve

Source: security@wordfence.com

Third Party Advisory

Timeline

No history available yet.