{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-49774","assignerOrgId":"21595511-bba5-4825-b968-b78d1f9984a3","state":"PUBLISHED","assignerShortName":"Patchstack","dateReserved":"2023-11-30T13:22:54.825Z","datePublished":"2024-06-04T11:23:29.421Z","dateUpdated":"2024-08-02T22:01:25.853Z"},"containers":{"cna":{"affected":[{"collectionURL":"https://wordpress.org/plugins","defaultStatus":"unaffected","packageName":"wp-photo-album-plus","product":"WP Photo Album Plus","vendor":"J.N. Breetvelt a.k.a. OpaJaap","versions":[{"changes":[{"at":"8.6.01.005","status":"unaffected"}],"lessThanOrEqual":"8.5.02.005","status":"affected","version":"n/a","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Brandon Roldan (Patchstack Alliance)"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Accessing Functionality Not Properly Constrained by ACLs.<p>This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.</p>"}],"value":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005."}],"impacts":[{"capecId":"CAPEC-1","descriptions":[{"lang":"en","value":"CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-200","description":"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"21595511-bba5-4825-b968-b78d1f9984a3","shortName":"Patchstack","dateUpdated":"2024-06-04T11:23:29.421Z"},"references":[{"tags":["vdb-entry"],"url":"https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-5-02-005-ip-bypass-vulnerability?_s_id=cve"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Update to 8.6.01.005 or a higher version."}],"value":"Update to 8.6.01.005 or a higher version."}],"source":{"discovery":"EXTERNAL"},"title":"WordPress WP Photo Album Plus plugin <= 8.5.02.005 - IP Bypass vulnerability","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"affected":[{"vendor":"wppa","product":"wp_photo_album_plus","cpes":["cpe:2.3:a:wppa:wp_photo_album_plus:*:*:*:*:*:wordpress:*:*"],"defaultStatus":"unaffected","versions":[{"version":"0","status":"affected","lessThanOrEqual":"8.5.02.005","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-04T14:52:40.837597Z","id":"CVE-2023-49774","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-24T15:39:43.697Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T22:01:25.853Z"},"title":"CVE Program Container","references":[{"tags":["vdb-entry","x_transferred"],"url":"https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-5-02-005-ip-bypass-vulnerability?_s_id=cve"}]}]}}