CVE-2024-6698

NVD Published Date: August 01, 2024 at 04:15 AM
NVD Last Modified: August 01, 2024 at 12:42 PM
Download Patch
Vulnerability ID
CVE-2024-6698
Severity
HIGH
Severity Score
8.8
Summary
The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the update_user_meta function. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta which can be leveraged to update their capabilities to gain administrator access.
Mitigation and Patches
-
Exploits
-
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE ID
None

Recent Publish

CVE-2024-7342

CVE-2024-2090

CVE-2024-7343

CVE-2024-6496

CVE-2024-6346

CVE-2024-7357

See SecOps Solution
in action

Schedule Demo