CVE-2024-30481 - Vulnerability Details - OpenCVE

Broken Access Control vulnerability in Samuel Marshall JCH Optimize.This issue affects JCH Optimize: from n/a through 4.0.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Jch Optimize Project	Jch Optimize

Configuration 1 [-]

cpe:2.3:a:jch_optimize_project:jch_optimize:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/jch-optimize/wordpress-jch-optimize-plugin-4-0-0-broken-access-control-vulnerability?_s_id=cve

History

Fri, 14 Mar 2025 17:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-284
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 08 Oct 2024 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Jch Optimize Project Jch Optimize Project jch Optimize
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:jch_optimize_project:jch_optimize::::::wordpress::*
Vendors & Products		Jch Optimize Project Jch Optimize Project jch Optimize

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-06-09T10:52:43.453Z

Updated: 2025-03-14T16:18:15.564Z

Reserved: 2024-03-27T10:20:02.244Z

Link: CVE-2024-30481

Vulnrichment

Updated: 2024-08-02T01:39:00.585Z

NVD

Status : Modified

Published: 2024-06-09T11:15:51.357

Modified: 2025-03-14T17:15:43.727

Link: CVE-2024-30481

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-30481", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-03-27T10:20:02.244Z", "datePublished": "2024-06-09T10:52:43.453Z", "dateUpdated": "2025-03-14T16:18:15.564Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "jch-optimize", "product": "JCH Optimize", "vendor": "Samuel Marshall", "versions": [{"changes": [{"at": "4.0.1", "status": "unaffected"}], "lessThanOrEqual": "4.0.0", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Abdi Pranata (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Broken Access Control vulnerability in Samuel Marshall JCH Optimize.<p>This issue affects JCH Optimize: from n/a through 4.0.0.</p>"}], "value": "Broken Access Control vulnerability in Samuel Marshall JCH Optimize.This issue affects JCH Optimize: from n/a through 4.0.0."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "Broken Access Control", "lang": "en"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-06-09T10:52:43.453Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/jch-optimize/wordpress-jch-optimize-plugin-4-0-0-broken-access-control-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 4.0.1 or a higher version."}], "value": "Update to 4.0.1 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress JCH Optimize plugin <= 4.0.0 - Broken Access Control vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-10T14:12:23.385641Z", "id": "CVE-2024-30481", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-14T16:18:15.564Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:39:00.585Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/jch-optimize/wordpress-jch-optimize-plugin-4-0-0-broken-access-control-vulnerability?_s_id=cve"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://patchstack.com/database/vulnerability/jch-optimize/wordpress-jch-optimize-plugin-4-0-0-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:39:00.585Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-30481", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-10T14:12:23.385641Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-10T14:12:29.625Z"}}], "cna": {"title": "WordPress JCH Optimize plugin <= 4.0.0 - Broken Access Control vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Abdi Pranata (Patchstack Alliance)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Samuel Marshall", "product": "JCH Optimize", "versions": [{"status": "affected", "changes": [{"at": "4.0.1", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "4.0.0"}], "packageName": "jch-optimize", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to 4.0.1 or a higher version.", "supportingMedia": [{"type": "text/html", "value": "Update to 4.0.1 or a higher version.", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/vulnerability/jch-optimize/wordpress-jch-optimize-plugin-4-0-0-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Broken Access Control vulnerability in Samuel Marshall JCH Optimize.This issue affects JCH Optimize: from n/a through 4.0.0.", "supportingMedia": [{"type": "text/html", "value": "Broken Access Control vulnerability in Samuel Marshall JCH Optimize.<p>This issue affects JCH Optimize: from n/a through 4.0.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Broken Access Control"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-06-09T10:52:43.453Z"}}}, "cveMetadata": {"cveId": "CVE-2024-30481", "state": "PUBLISHED", "dateUpdated": "2025-03-14T16:18:15.564Z", "dateReserved": "2024-03-27T10:20:02.244Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-06-09T10:52:43.453Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jch_optimize_project:jch_optimize:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "28F32E2C-AA8E-46A3-A6BB-8299B7CF23EE", "versionEndExcluding": "4.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Broken Access Control vulnerability in Samuel Marshall JCH Optimize.This issue affects JCH Optimize: from n/a through 4.0.0."}, {"lang": "es", "value": "Vulnerabilidad de control de acceso roto en Samuel Marshall JCH Optimize. Este problema afecta a JCH Optimize: desde n/a hasta 4.0.0."}], "id": "CVE-2024-30481", "lastModified": "2025-03-14T17:15:43.727", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-09T11:15:51.357", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/jch-optimize/wordpress-jch-optimize-plugin-4-0-0-broken-access-control-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/jch-optimize/wordpress-jch-optimize-plugin-4-0-0-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}