Severity: 4.3 MEDIUM
EPSS: 0.3% (top 50.77%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 5; Latest update Apr 11

Description

The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences and potentially other user settings.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages: 2 packages

Vulnerability Details

References (3)

VulDB (2026-04-11): Starbox Plugin up to 3.4.7 on WordPress resource injection (ID 3028775)
GHSA (2024-02-06): GHSA-q658-fh2m-cgvf: The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3
CVEList (2024-02-05): Starbox – the Author Box for Humans <= 3.4.7 - Insecure Direct Object Reference
CVE-2024-0366 (MEDIUM CVSS 4.3) | The Starbox – the Author Box for Hu | cvebase.io