CVE-2024-10800

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-10800
The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including, 16.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to add custom fields that can be updated and then use the check_and_overwrite_wp_or_woocommerce_fields function to update the wp_capabilities field to have administrator privileges.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://codecanyon.net/item/user-extra-fields/12949844 Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/a18fa7e6-813d-4b48-bd4e-5232fb8382d1?source=cve Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:vanquish:user_extra_fields:*:*:*:*:*:wordpress:*:*
History

19 Nov 2024, 17:08

Type Values Removed Values Added
CPE cpe:2.3:a:vanquish:user_extra_fields:*:*:*:*:*:wordpress:*:*
First Time Vanquish user Extra Fields
Vanquish
References () https://codecanyon.net/item/user-extra-fields/12949844 - () https://codecanyon.net/item/user-extra-fields/12949844 - Product
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/a18fa7e6-813d-4b48-bd4e-5232fb8382d1?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/a18fa7e6-813d-4b48-bd4e-5232fb8382d1?source=cve - Third Party Advisory

13 Nov 2024, 17:01

Type Values Removed Values Added
Summary
  • (es) El complemento User Extra Fields de WordPress es vulnerable a la escalada de privilegios debido a una verificación de capacidad faltante en la función ajax_save_fields() en todas las versiones hasta la 16.6 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, agreguen campos personalizados que se puedan actualizar y luego usen la función check_and_overwrite_wp_or_woocommerce_fields para actualizar el campo wp_capabilities para que tenga privilegios de administrador.

13 Nov 2024, 05:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-13 05:15

Updated : 2024-11-19 17:08

NVD link : CVE-2024-10800

Mitre link : CVE-2024-10800

CVE.ORG link : CVE-2024-10800

JSON object : View

Products Affected

vanquish

  • user_extra_fields
CWE
CWE-862

Missing Authorization