CVE-2024-10900

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Nov 20, 2024

Updated: Nov 29, 2024

CWE ID 862

Summary

CVE-2024-10900 is a vulnerability affecting the ProfileGrid plugin for WordPress. This issue allows authenticated attackers, with subscriber-level access and above, to unauthorizedly modify user data. The root cause is a missing capability check on the pm_remove_file_attachment() function, present in all versions up to 5.9.3.6. Successful exploitation of this vulnerability enables attackers to delete arbitrary user meta, potentially denying administrators access to their site.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0Pgve4
https://www.cve.org/CVERecord?id=CVE-2024-10900
https://nvd.nist.gov/vuln/detail/CVE-2024-10900

Back to Vulnerability Database

CVE-2024-10900

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations