CVE-2024-3107 - Vulnerability Details - OpenCVE

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 2.12.6 via the get_block_default_attributes function. This allows authenticated attackers, with contributor-level permissions and above, to read the contents of any files named attributes.php on the server, which can contain sensitive information.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Brainstormforce	Spectra

Configuration 1 [-]

cpe:2.3:a:brainstormforce:spectra:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/trunk/classes/class-uagb-block-module.php#L189
https://plugins.trac.wordpress.org/changeset/3062684/
https://www.wordfence.com/threat-intel/vulnerabilities/id/110e5e67-b318-4ab2-9b4d-59aabcf7db7c?source=cve

History

Thu, 06 Feb 2025 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Brainstormforce Brainstormforce spectra
Weaknesses		CWE-22
CPEs		cpe:2.3:a:brainstormforce:spectra::::::wordpress::*
Vendors & Products		Brainstormforce Brainstormforce spectra

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-05-02T16:51:46.405Z

Updated: 2024-08-01T19:32:42.699Z

Reserved: 2024-03-29T20:03:20.976Z

Link: CVE-2024-3107

Vulnrichment

Updated: 2024-08-01T19:32:42.699Z

NVD

Status : Analyzed

Published: 2024-05-02T17:15:22.673

Modified: 2025-02-06T18:05:03.810

Link: CVE-2024-3107

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3107", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-03-29T20:03:20.976Z", "datePublished": "2024-05-02T16:51:46.405Z", "dateUpdated": "2024-08-01T19:32:42.699Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-05-02T16:51:46.405Z"}, "affected": [{"vendor": "brainstormforce", "product": "Spectra \u2013 WordPress Gutenberg Blocks", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "2.12.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 2.12.6 via the get_block_default_attributes function. This allows authenticated attackers, with contributor-level permissions and above, to read the contents of any files named attributes.php on the server, which can contain sensitive information."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/110e5e67-b318-4ab2-9b4d-59aabcf7db7c?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/trunk/classes/class-uagb-block-module.php#L189"}, {"url": "https://plugins.trac.wordpress.org/changeset/3062684/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Ng\u00f4 Thi\u00ean An"}], "timeline": [{"time": "2024-04-26T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3107", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-06T17:41:30.989424Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:32:39.671Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.699Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/110e5e67-b318-4ab2-9b4d-59aabcf7db7c?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/trunk/classes/class-uagb-block-module.php#L189", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3062684/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/110e5e67-b318-4ab2-9b4d-59aabcf7db7c?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/trunk/classes/class-uagb-block-module.php#L189", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3062684/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.699Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3107", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-06T17:41:30.989424Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-06T17:41:28.999Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Ng\u00f4 Thi\u00ean An"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "brainstormforce", "product": "Spectra \u2013 WordPress Gutenberg Blocks", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.12.6"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-04-26T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/110e5e67-b318-4ab2-9b4d-59aabcf7db7c?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/trunk/classes/class-uagb-block-module.php#L189"}, {"url": "https://plugins.trac.wordpress.org/changeset/3062684/"}], "descriptions": [{"lang": "en", "value": "The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 2.12.6 via the get_block_default_attributes function. This allows authenticated attackers, with contributor-level permissions and above, to read the contents of any files named attributes.php on the server, which can contain sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-05-02T16:51:46.405Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3107", "state": "PUBLISHED", "dateUpdated": "2024-08-01T19:32:42.699Z", "dateReserved": "2024-03-29T20:03:20.976Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-05-02T16:51:46.405Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:brainstormforce:spectra:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "96368125-DFCD-4E53-B5FD-8D0A510E9BDB", "versionEndExcluding": "2.12.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 2.12.6 via the get_block_default_attributes function. This allows authenticated attackers, with contributor-level permissions and above, to read the contents of any files named attributes.php on the server, which can contain sensitive information."}, {"lang": "es", "value": "El complemento Spectra \u2013 WordPress Gutenberg Blocks para WordPress es vulnerable a Path Traversal en versiones hasta la 2.12.6 incluida a trav\u00e9s de la funci\u00f3n get_block_default_attributes. Esto permite a atacantes autenticados, con permisos de nivel de colaborador y superiores, leer el contenido de cualquier archivo llamado atributos.php en el servidor, que puede contener informaci\u00f3n confidencial."}], "id": "CVE-2024-3107", "lastModified": "2025-02-06T18:05:03.810", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-05-02T17:15:22.673", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/trunk/classes/class-uagb-block-module.php#L189"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3062684/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/110e5e67-b318-4ab2-9b4d-59aabcf7db7c?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/trunk/classes/class-uagb-block-module.php#L189"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3062684/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/110e5e67-b318-4ab2-9b4d-59aabcf7db7c?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}