CVE-2024-6155

{"id": "CVE-2024-6155", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 3.1}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2025-01-09T11:15:16.330", "references": [{"url": "https://plugins.trac.wordpress.org/browser/greenshift-animation-and-page-builder-blocks/tags/8.9.8/settings.php#L1385", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fe3cfaf4-67c8-47af-bd58-e8ad27a03fae?source=cve", "tags": ["Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-862"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "The Greenshift \u2013 animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check in the greenshift_download_file_localy function, along with no SSRF protection and sanitization on uploaded SVG files. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application that can also be leveraged to download malicious SVG files containing Cross-Site Scripting payloads to the server. On Cloud-based servers, attackers could retrieve the instance metadata. The issue was partially patched in version 8.9.9 and fully patched in version 9.0.1."}, {"lang": "es", "value": "El complemento Greenshift \u2013 animation y page builder blocks para WordPress es vulnerable a Server-Side Request Forgery (SSRF) autenticada (Subscriber+) y a Cross Site Scripting almacenado en todas las versiones hasta la 9.0.0 incluida debido a una comprobaci\u00f3n de capacidad faltante en la funci\u00f3n greenshift_download_file_localy, junto con la falta de protecci\u00f3n SSRF y desinfecci\u00f3n de los archivos SVG cargados. Esto permite que los atacantes autenticados, con acceso de nivel de suscriptor y superior, realicen solicitudes web a ubicaciones arbitrarias que se originan en la aplicaci\u00f3n web y que tambi\u00e9n se pueden aprovechar para descargar archivos SVG maliciosos que contienen payloads de Cross Site Scripting al servidor. En servidores basados en la nube, los atacantes podr\u00edan recuperar los metadatos de la instancia. El problema se solucion\u00f3 parcialmente en la versi\u00f3n 8.9.9 y por completo en la versi\u00f3n 9.0.1."}], "lastModified": "2025-06-05T14:43:06.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:greenshiftwp:greenshift_-_animation_and_page_builder_blocks:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "B8C3214B-BC14-42EB-B748-10BFF3A13E0B", "versionEndExcluding": "9.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}