CVE-2024-5468

The WordPress Header Builder Plugin  Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to a missing validation and capability checks on the stm_hb_delete() function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to delete arbitrary options that can be used to perform a denial of service attack on a site.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
WordfenceCNA
6.5 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
References
https://plugins.trac.wordpress.org/browser/pearl-header-builder/tags/1.3.7/includes/helpers.php#L304
https://www.wordfence.com/threat-intel/vulnerabilities/id/c2e770e0-1a39-4946-838b-4fd1f1dea1c8?source=cve
https://plugins.trac.wordpress.org/browser/pearl-header-builder/tags/1.3.7/includes/helpers.php#L304
https://www.wordfence.com/threat-intel/vulnerabilities/id/c2e770e0-1a39-4946-838b-4fd1f1dea1c8?source=cve