7.2
CVE-2024-13835
- EPSS 0.15%
- Veröffentlicht 08.03.2025 03:15:36
- Zuletzt bearbeitet 12.03.2025 16:54:47
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginPost Meta Data Manager <= 1.4.3 - Authentciated (Admin+) Multisite Privilege Escalation
The Post Meta Data Manager plugin for WordPress is vulnerable to multisite privilege escalation in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying the existence of a multisite installation prior to allowing user meta to be added/modified. This makes it possible for authenticated attackers, with Administrator-level access and above, to gain elevated privileges on subsites that would otherwise be inaccessible.
Mögliche Gegenmaßnahme
Post Meta Data Manager: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Post Meta Data Manager
Version
* - 1.4.3
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wpexpertplugins ≫ Post Meta Data Manager SwPlatformwordpress Version <= 1.4.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.362 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| security@wordfence.com | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.