{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-0710", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-01-18T23:54:43.419Z", "datePublished": "2024-05-02T16:57:15.807Z", "dateUpdated": "2026-04-08T16:42:50.031Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:42:50.031Z"}, "affected": [{"vendor": "Gravity Wiz", "product": "GP Unique ID", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.5.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The GP Unique ID plugin for WordPress is vulnerable to Unique ID Modification in all versions up to, and including, 1.5.5. This is due to insufficient input validation. This makes it possible for unauthenticated attackers to tamper with the generation of a unique ID on a form submission and replace the generated unique ID with a user-controlled one, leading to a loss of integrity in cases where the ID's uniqueness is relied upon in a security-specific context."}], "title": "GP Unique ID <= 1.5.5 - Unauthenticated Form Submission Unique ID Modification", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26db2d25-01b8-49c5-a4d6-284780ac97bb?source=cve"}, {"url": "https://gravitywiz.com/documentation/gravity-forms-unique-id/"}, {"url": "https://github.com/karlemilnikka/CVE-2024-0710/blob/main/README.md"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-20 Improper Input Validation", "cweId": "CWE-20", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Karl Emil Nikka"}], "timeline": [{"time": "2024-01-13T00:00:00.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2024-04-10T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0710", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-02T17:52:46.260705Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:gravity_wiz:gp_unique_id:*:*:*:*:*:*:*:*"], "vendor": "gravity_wiz", "product": "gp_unique_id", "versions": [{"status": "affected", "version": "1.5.5"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:58:53.597Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.724Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26db2d25-01b8-49c5-a4d6-284780ac97bb?source=cve", "tags": ["x_transferred"]}, {"url": "https://gravitywiz.com/documentation/gravity-forms-unique-id/", "tags": ["x_transferred"]}, {"url": "https://github.com/karlemilnikka/CVE-2024-0710/blob/main/README.md", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26db2d25-01b8-49c5-a4d6-284780ac97bb?source=cve", "tags": ["x_transferred"]}, {"url": "https://gravitywiz.com/documentation/gravity-forms-unique-id/", "tags": ["x_transferred"]}, {"url": "https://github.com/karlemilnikka/CVE-2024-0710/blob/main/README.md", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.724Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0710", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-02T17:52:46.260705Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:gravity_wiz:gp_unique_id:*:*:*:*:*:*:*:*"], "vendor": "gravity_wiz", "product": "gp_unique_id", "versions": [{"status": "affected", "version": "1.5.5"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-02T17:55:58.615Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "GP Unique ID <= 1.5.5 - Unauthenticated Form Submission Unique ID Modification", "credits": [{"lang": "en", "type": "finder", "value": "Karl Emil Nikka"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "Gravity Wiz", "product": "GP Unique ID", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.5.5"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-01-13T00:00:00.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2024-04-10T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26db2d25-01b8-49c5-a4d6-284780ac97bb?source=cve"}, {"url": "https://gravitywiz.com/documentation/gravity-forms-unique-id/"}, {"url": "https://github.com/karlemilnikka/CVE-2024-0710/blob/main/README.md"}], "descriptions": [{"lang": "en", "value": "The GP Unique ID plugin for WordPress is vulnerable to Unique ID Modification in all versions up to, and including, 1.5.5. This is due to insufficient input validation. This makes it possible for unauthenticated attackers to tamper with the generation of a unique ID on a form submission and replace the generated unique ID with a user-controlled one, leading to a loss of integrity in cases where the ID's uniqueness is relied upon in a security-specific context."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:42:50.031Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0710", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:42:50.031Z", "dateReserved": "2024-01-18T23:54:43.419Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-05-02T16:57:15.807Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The GP Unique ID plugin for WordPress is vulnerable to Unique ID Modification in all versions up to, and including, 1.5.5. This is due to insufficient input validation. This makes it possible for unauthenticated attackers to tamper with the generation of a unique ID on a form submission and replace the generated unique ID with a user-controlled one, leading to a loss of integrity in cases where the ID's uniqueness is relied upon in a security-specific context."}, {"lang": "es", "value": "El complemento GP Unique ID para WordPress es vulnerable a la modificaci\u00f3n de ID \u00fanico en todas las versiones hasta la 1.5.5 incluida. Esto se debe a una validaci\u00f3n de entrada insuficiente. Esto hace posible que atacantes no autenticados alteren la generaci\u00f3n de una identificaci\u00f3n \u00fanica en el env\u00edo de un formulario y reemplacen la identificaci\u00f3n \u00fanica generada con una controlada por el usuario, lo que lleva a una p\u00e9rdida de integridad en los casos en que se conf\u00eda en la unicidad de la identificaci\u00f3n en un contexto espec\u00edfico de seguridad."}], "id": "CVE-2024-0710", "lastModified": "2026-04-08T17:17:24.527", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-05-02T17:15:09.707", "references": [{"source": "security@wordfence.com", "url": "https://github.com/karlemilnikka/CVE-2024-0710/blob/main/README.md"}, {"source": "security@wordfence.com", "url": "https://gravitywiz.com/documentation/gravity-forms-unique-id/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26db2d25-01b8-49c5-a4d6-284780ac97bb?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/karlemilnikka/CVE-2024-0710/blob/main/README.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://gravitywiz.com/documentation/gravity-forms-unique-id/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26db2d25-01b8-49c5-a4d6-284780ac97bb?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}