CVE-2024-13835

EPSS 0.11%
Veröffentlicht 08.03.2025 03:15:36
Zuletzt bearbeitet 12.03.2025 16:54:47
Quelle security@wordfence.com
Teams Watchlist Login
Unerledigt Login

The Post Meta Data Manager plugin for WordPress is vulnerable to multisite privilege escalation in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying the existence of a multisite installation prior to allowing user meta to be added/modified. This makes it possible for authenticated attackers, with Administrator-level access and above, to gain elevated privileges on subsites that would otherwise be inaccessible.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wpexpertplugins ≫ Post Meta Data Manager SwPlatformwordpress Version <= 1.4.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.296

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
security@wordfence.com	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://www.wordfence.com/threat-intel/vulnerabilities/id/568aa6d6-10a1-4653-ab95-845faf005b8e?source=cve

Third Party Advisory

https://wordpress.org/plugins/post-meta-data-manager/

Product

https://nvd.nist.gov/vuln/detail/CVE-2024-13835

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-13835

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-13835

EUVD