CVE-2024-7493

The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_user() during registration. This makes it possible for unauthenticated attackers to update their role to that of an administrator during registration.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/wpcom-member/tags/1.5.2/includes/form-validation.php#L267	Issue Tracking
https://www.wordfence.com/threat-intel/vulnerabilities/id/ec7f3e0c-a07c-4082-9b6b-12d0fbe0fdc8?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wpcom:wpcom_member:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2024-09-06 14:15

Updated : 2024-09-26 17:41

NVD link : CVE-2024-7493

Mitre link : CVE-2024-7493

CVE.ORG link : CVE-2024-7493

JSON object : View

Products Affected

wpcom

wpcom_member

CWE

CWE-269

Improper Privilege Management

NVD-CWE-noinfo

{"id": "CVE-2024-7493", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-09-06T14:15:12.860", "references": [{"url": "https://plugins.trac.wordpress.org/browser/wpcom-member/tags/1.5.2/includes/form-validation.php#L267", "tags": ["Issue Tracking"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ec7f3e0c-a07c-4082-9b6b-12d0fbe0fdc8?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-269"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_user() during registration. This makes it possible for unauthenticated attackers to update their role to that of an administrator during registration."}, {"lang": "es", "value": "El complemento WPCOM Member para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta la 1.5.2.1 incluida. Esto se debe a que el complemento permite que se pasen datos arbitrarios a wp_insert_user() durante el registro. Esto hace posible que atacantes no autenticados actualicen su funci\u00f3n a la de administrador durante el registro."}], "lastModified": "2024-09-26T17:41:16.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wpcom:wpcom_member:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "0B61EAB5-1CA7-4F38-89F6-D2126683F6E5", "versionEndExcluding": "1.5.3"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}