OpenCVE

The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the update_user_meta function. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta which can be leveraged to update their capabilities to gain administrator access.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Wpmet	Fundengine Wp Fundraising Donation And Crowdfunding Platform

Configuration 1 [-]

cpe:2.3:a:wpmet:fundengine:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3128099%40wp-fundraising-donation%2Ftrunk&old=3072093%40wp-fundraising-donation%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/2ec6cf42-291b-452d-ad14-80ae1cd5ec5c?source=cve

History

Sat, 23 Nov 2024 01:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wpmet fundengine
CPEs		cpe:2.3:a:wpmet:fundengine::::::wordpress::*
Vendors & Products		Wpmet fundengine

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-08-01T03:29:58.918Z

Updated: 2024-08-01T14:10:21.095Z

Reserved: 2024-07-11T15:47:40.488Z

Link: CVE-2024-6698

Vulnrichment

Updated: 2024-08-01T14:10:17.104Z

NVD

Status : Analyzed

Published: 2024-08-01T04:15:04.767

Modified: 2024-11-23T00:44:15.393

Link: CVE-2024-6698

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6698", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-07-11T15:47:40.488Z", "datePublished": "2024-08-01T03:29:58.918Z", "dateUpdated": "2024-08-01T14:10:21.095Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-08-01T03:29:58.918Z"}, "affected": [{"vendor": "xpeedstudio", "product": "FundEngine \u2013 Donation and Crowdfunding Platform", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "1.7.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the update_user_meta function. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta which can be leveraged to update their capabilities to gain administrator access."}], "title": "FundEngine \u2013 Donation and Crowdfunding Platform <= 1.7.0 - Authenticated (Subscriber+) Privilege Escalation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ec6cf42-291b-452d-ad14-80ae1cd5ec5c?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3128099%40wp-fundraising-donation%2Ftrunk&old=3072093%40wp-fundraising-donation%2Ftrunk&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Thanh Nam Tran"}], "timeline": [{"time": "2024-07-31T15:16:32.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"affected": [{"vendor": "wpmet", "product": "wp_fundraising_donation_and_crowdfunding_platform", "cpes": ["cpe:2.3:a:wpmet:wp_fundraising_donation_and_crowdfunding_platform:*:*:*:*:*:wordpress:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.7.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-01T14:07:25.485872Z", "id": "CVE-2024-6698", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T14:10:21.095Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6698", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-01T14:07:25.485872Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:wpmet:wp_fundraising_donation_and_crowdfunding_platform:*:*:*:*:*:wordpress:*:*"], "vendor": "wpmet", "product": "wp_fundraising_donation_and_crowdfunding_platform", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.7.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T14:10:17.104Z"}}], "cna": {"title": "FundEngine \u2013 Donation and Crowdfunding Platform <= 1.7.0 - Authenticated (Subscriber+) Privilege Escalation", "credits": [{"lang": "en", "type": "finder", "value": "Thanh Nam Tran"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "xpeedstudio", "product": "FundEngine \u2013 Donation and Crowdfunding Platform", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.7.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-07-31T15:16:32.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ec6cf42-291b-452d-ad14-80ae1cd5ec5c?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3128099%40wp-fundraising-donation%2Ftrunk&old=3072093%40wp-fundraising-donation%2Ftrunk&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the update_user_meta function. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta which can be leveraged to update their capabilities to gain administrator access."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-08-01T03:29:58.918Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6698", "state": "PUBLISHED", "dateUpdated": "2024-08-01T14:10:21.095Z", "dateReserved": "2024-07-11T15:47:40.488Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-08-01T03:29:58.918Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wpmet:fundengine:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "B2DCDDD6-75E7-4A3B-A05A-3700349CBE55", "versionEndExcluding": "1.7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the update_user_meta function. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta which can be leveraged to update their capabilities to gain administrator access."}, {"lang": "es", "value": " El complemento FundEngine para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta la 1.7.0 incluida. Esto se debe a que el complemento no verifica correctamente el metadato del usuario actualizado a trav\u00e9s de la funci\u00f3n update_user_meta. Esto hace posible que los atacantes autenticados, con acceso a nivel de suscriptor y superior, actualicen su meta de usuario, que puede aprovecharse para actualizar sus capacidades y obtener acceso de administrador."}], "id": "CVE-2024-6698", "lastModified": "2024-11-23T00:44:15.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-08-01T04:15:04.767", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3128099%40wp-fundraising-donation%2Ftrunk&old=3072093%40wp-fundraising-donation%2Ftrunk&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ec6cf42-291b-452d-ad14-80ae1cd5ec5c?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}