The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including, 16.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to add custom fields that can be updated and then use the check_and_overwrite_wp_or_woocommerce_fields function to update the wp_capabilities field to have administrator privileges.
History
Wed, 13 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Vanquish, Vanquish wordpress User Extra Fields | |
CPEs | cpe:2.3:a:vanquish:wordpress_user_extra_fields:*:*:*:*:*:*:*:* | |
Vendors & Products | Vanquish, Vanquish wordpress User Extra Fields | |
Metrics | ssvc | |
Wed, 13 Nov 2024 04:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including, 16.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to add custom fields that can be updated and then use the check_and_overwrite_wp_or_woocommerce_fields function to update the wp_capabilities field to have administrator privileges. | |
Title | WordPress User Extra Fields <= 16.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation | |
Weaknesses | CWE-862 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-11-13T04:29:06.399Z
Updated: 2024-11-13T15:06:45.214Z
Reserved: 2024-11-04T16:26:10.829Z
Link: CVE-2024-10800
Vulnrichment
Updated: 2024-11-13T15:06:37.300Z
NVD
Status: Awaiting Analysis
Published: 2024-11-13T05:15:11.680
Modified: 2024-11-13T17:01:16.850
Link: CVE-2024-10800
Redhat
No data.