{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-1637", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-02-19T18:43:59.340Z", "datePublished": "2024-04-09T18:58:36.352Z", "dateUpdated": "2026-04-08T16:38:17.081Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:38:17.081Z"}, "affected": [{"vendor": "jtermaat", "product": "360 Javascript Viewer", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.7.12", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, and including, 1.7.12. This makes it possible for authenticated attackers, with subscriber access or higher, to update plugin settings."}], "title": "360 Javascript Viewer <= 1.7.12 - Missing Authorization to Plugin Settings Update", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ba33c84-5198-4c77-8995-d0a315d68990?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/360deg-javascript-viewer/trunk/admin/pages/class-jsv-360-admin_page_abstract.php#L42"}, {"url": "https://plugins.trac.wordpress.org/changeset/3047449/360deg-javascript-viewer/trunk/admin/pages/class-jsv-360-admin_page_abstract.php?contextall=1&old=3015478&old_path=%2F360deg-javascript-viewer%2Ftrunk%2Fadmin%2Fpages%2Fclass-jsv-360-admin_page_abstract.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Lucio S\u00e1"}], "timeline": [{"time": "2024-03-21T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1637", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-10T19:24:00.679836Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:59:53.525Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:48:21.536Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ba33c84-5198-4c77-8995-d0a315d68990?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/360deg-javascript-viewer/trunk/admin/pages/class-jsv-360-admin_page_abstract.php#L42", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3047449/360deg-javascript-viewer/trunk/admin/pages/class-jsv-360-admin_page_abstract.php?contextall=1&old=3015478&old_path=%2F360deg-javascript-viewer%2Ftrunk%2Fadmin%2Fpages%2Fclass-jsv-360-admin_page_abstract.php", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ba33c84-5198-4c77-8995-d0a315d68990?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/360deg-javascript-viewer/trunk/admin/pages/class-jsv-360-admin_page_abstract.php#L42", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3047449/360deg-javascript-viewer/trunk/admin/pages/class-jsv-360-admin_page_abstract.php?contextall=1&old=3015478&old_path=%2F360deg-javascript-viewer%2Ftrunk%2Fadmin%2Fpages%2Fclass-jsv-360-admin_page_abstract.php", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:48:21.536Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1637", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-10T19:24:00.679836Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:22.967Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Lucio S\u00e1"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "jtermaat", "product": "360 Javascript Viewer", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.7.12"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-03-21T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ba33c84-5198-4c77-8995-d0a315d68990?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/360deg-javascript-viewer/trunk/admin/pages/class-jsv-360-admin_page_abstract.php#L42"}, {"url": "https://plugins.trac.wordpress.org/changeset/3047449/360deg-javascript-viewer/trunk/admin/pages/class-jsv-360-admin_page_abstract.php?contextall=1&old=3015478&old_path=%2F360deg-javascript-viewer%2Ftrunk%2Fadmin%2Fpages%2Fclass-jsv-360-admin_page_abstract.php"}], "descriptions": [{"lang": "en", "value": "The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, and including, 1.7.12. This makes it possible for authenticated attackers, with subscriber access or higher, to update plugin settings."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-04-09T18:58:36.352Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1637", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:48:21.536Z", "dateReserved": "2024-02-19T18:43:59.340Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-04-09T18:58:36.352Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, and including, 1.7.12. This makes it possible for authenticated attackers, with subscriber access or higher, to update plugin settings."}, {"lang": "es", "value": "El complemento 360 Javascript Viewer para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una verificaci\u00f3n de capacidad faltante y exposici\u00f3n nonce en varias acciones AJAX en todas las versiones hasta la 1.7.12 incluida. Esto hace posible que atacantes autenticados, con acceso de suscriptor o superior, actualicen la configuraci\u00f3n del complemento."}], "id": "CVE-2024-1637", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-04-09T19:15:18.740", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/360deg-javascript-viewer/trunk/admin/pages/class-jsv-360-admin_page_abstract.php#L42"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3047449/360deg-javascript-viewer/trunk/admin/pages/class-jsv-360-admin_page_abstract.php?contextall=1&old=3015478&old_path=%2F360deg-javascript-viewer%2Ftrunk%2Fadmin%2Fpages%2Fclass-jsv-360-admin_page_abstract.php"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ba33c84-5198-4c77-8995-d0a315d68990?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/browser/360deg-javascript-viewer/trunk/admin/pages/class-jsv-360-admin_page_abstract.php#L42"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/changeset/3047449/360deg-javascript-viewer/trunk/admin/pages/class-jsv-360-admin_page_abstract.php?contextall=1&old=3015478&old_path=%2F360deg-javascript-viewer%2Ftrunk%2Fadmin%2Fpages%2Fclass-jsv-360-admin_page_abstract.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ba33c84-5198-4c77-8995-d0a315d68990?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{}