{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T01:07:54.239","vulnerabilities":[{"cve":{"id":"CVE-2024-12259","sourceIdentifier":"security@wordfence.com","published":"2024-12-18T04:15:07.803","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The CRM WordPress Plugin – RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. This is due to the plugin not properly validating a user's identity prior to updating their email through the wc_update_user_data AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account."},{"lang":"es","value":"El complemento CRM WordPress Plugin – RepairBuddy para WordPress es vulnerable a la escalada de privilegios mediante la apropiación de cuentas en todas las versiones hasta la 3.8120 incluida. Esto se debe a que el complemento no valida correctamente la identidad de un usuario antes de actualizar su correo electrónico a través de la acción AJAX wc_update_user_data. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, cambien las direcciones de correo electrónico de usuarios arbitrarios, incluidos los administradores, y aprovechen eso para restablecer la contraseña del usuario y obtener acceso a su cuenta."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3204501%40computer-repair-shop&new=3204501%40computer-repair-shop&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3206568%40computer-repair-shop&new=3206568%40computer-repair-shop&sfp_email=&sfph_mail=#file548","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3208270%40computer-repair-shop&new=3208270%40computer-repair-shop&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/80997d2f-3e16-48f6-969b-58844cb83d53?source=cve","source":"security@wordfence.com"}]}}]}