CVE-2024-34387 - Vulnerability Details - OpenCVE

ReportizFlow

Missing Authorization vulnerability in AF themes WP Post Author.This issue affects WP Post Author: from n/a through 3.6.4.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Afthemes	Wp Post Author

Configuration 1 [-]

cpe:2.3:a:afthemes:wp_post_author:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/wp-post-author/wordpress-wp-post-author-plugin-3-6-4-rating-value-manipulation-vulnerability?_s_id=cve

History

Tue, 28 Apr 2026 18:30:00 +0000

Type	Values Removed	Values Added
Description	Missing Authorization vulnerability in AF themes WP Post Author.This issue affects WP Post Author: from n/a through 3.6.4.	Missing Authorization vulnerability in AF themes WP Post Author.This issue affects WP Post Author: from n/a through 3.6.4.

Thu, 06 Feb 2025 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Afthemes Afthemes wp Post Author
CPEs		cpe:2.3:a:afthemes:wp_post_author::::::wordpress::*
Vendors & Products		Afthemes Afthemes wp Post Author

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-05-06T18:49:03.579Z

Updated: 2026-04-28T16:09:47.992Z

Reserved: 2024-05-02T11:33:01.484Z

Link: CVE-2024-34387

Vulnrichment

Updated: 2024-08-02T02:51:11.403Z

NVD

Status : Modified

Published: 2024-05-06T19:15:10.273

Modified: 2026-04-28T19:25:21.480

Link: CVE-2024-34387

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-34387", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-05-02T11:33:01.484Z", "datePublished": "2024-05-06T18:49:03.579Z", "dateUpdated": "2026-04-28T16:09:47.992Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wp-post-author", "product": "WP Post Author", "vendor": "AF themes", "versions": [{"lessThanOrEqual": "3.6.4", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Kyle Sanchez (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in AF themes WP Post Author.<p>This issue affects WP Post Author: from n/a through 3.6.4.</p>"}], "value": "Missing Authorization vulnerability in AF themes WP Post Author.This issue affects WP Post Author: from n/a through 3.6.4."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:09:47.992Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/wp-post-author/wordpress-wp-post-author-plugin-3-6-4-rating-value-manipulation-vulnerability?_s_id=cve"}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress WP Post Author plugin <= 3.6.4 - Rating Value Manipulation vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34387", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-09T17:35:09.511590Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:41:56.821Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:51:11.403Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/wp-post-author/wordpress-wp-post-author-plugin-3-6-4-rating-value-manipulation-vulnerability?_s_id=cve"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://patchstack.com/database/vulnerability/wp-post-author/wordpress-wp-post-author-plugin-3-6-4-rating-value-manipulation-vulnerability?_s_id=cve", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:51:11.403Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34387", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-09T17:35:09.511590Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-09T17:35:16.657Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "WordPress WP Post Author plugin <= 3.6.4 - Rating Value Manipulation vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Kyle Sanchez (Patchstack Alliance)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AF themes", "product": "WP Post Author", "versions": [{"status": "affected", "version": "n/a", "versionType": "custom", "lessThanOrEqual": "3.6.4"}], "packageName": "wp-post-author", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "references": [{"url": "https://patchstack.com/database/vulnerability/wp-post-author/wordpress-wp-post-author-plugin-3-6-4-rating-value-manipulation-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in AF themes WP Post Author.This issue affects WP Post Author: from n/a through 3.6.4.\n\n", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in AF themes WP Post Author.<p>This issue affects WP Post Author: from n/a through 3.6.4.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-05-06T18:49:03.579Z"}}}, "cveMetadata": {"cveId": "CVE-2024-34387", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:51:11.403Z", "dateReserved": "2024-05-02T11:33:01.484Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-05-06T18:49:03.579Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:afthemes:wp_post_author:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "07D9AD3F-D625-4A53-944F-37FA069DB3B6", "versionEndExcluding": "3.6.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in AF themes WP Post Author.This issue affects WP Post Author: from n/a through 3.6.4."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en temas AF WP Post Author. Este problema afecta a WP Post Author: desde n/a hasta 3.6.4."}], "id": "CVE-2024-34387", "lastModified": "2026-04-28T19:25:21.480", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-05-06T19:15:10.273", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/wp-post-author/wordpress-wp-post-author-plugin-3-6-4-rating-value-manipulation-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/wp-post-author/wordpress-wp-post-author-plugin-3-6-4-rating-value-manipulation-vulnerability?_s_id=cve"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "[email protected]", "type": "Secondary"}]}