CVE-2024-11194

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 19, 2024
CWE ID 862

Summary

CVE-2024-11194 is a vulnerability in the Classified Listing plugin for WordPress. The plugin's 'rtcl_import_settings' function, in all versions up to 3.1.15.1, is missing an authorization check (CWE-862, Missing Authorization), so authenticated attackers with Subscriber-level access and above can update a limited set of arbitrary options. The update is restricted to options whose value is an array. An attacker can use this to elevate a Subscriber role to Administrator-level access, gaining full control over the WordPress site.
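To illustrate the missing-authorization pattern described above, here is an added PHP example (not the Classified Listing plugin's code; the function, hook and option names are hypothetical): an AJAX settings-import handler with no capability check, beside a hardened version that checks capability, a nonce and an option-name allowlist before calling update_option().

```php
<?php
// Illustrative WordPress AJAX handler for importing plugin settings.
// Hypothetical names (demo_*); this is NOT the Classified Listing plugin's
// code, only a demonstration of the CWE-862 pattern the advisory describes.

// VULNERABLE PATTERN: any logged-in user can reach this through admin-ajax.php,
// and every array-valued key in the payload is written straight to wp_options.
function demo_import_settings_vulnerable() {
    $settings = json_decode( wp_unslash( $_POST['settings'] ?? '' ), true );
    foreach ( (array) $settings as $name => $value ) {
        if ( is_array( $value ) ) {          // only array values, mirroring the summary
            update_option( $name, $value );  // attacker-chosen option name: CWE-862
        }
    }
    wp_send_json_success();
}

// HARDENED PATTERN: capability check, nonce, and an allowlist of option names.
function demo_allowed_options() {
    return array( 'demo_listing_settings', 'demo_display_settings' ); // hypothetical keys
}

function demo_import_settings_secure() {
    // 1. Authorization: only users who may manage options can import settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Insufficient permissions', 403 );
    }
    // 2. CSRF protection: the request must carry a valid nonce for this action.
    check_ajax_referer( 'demo_import_settings', 'nonce' );

    $settings = json_decode( wp_unslash( $_POST['settings'] ?? '' ), true );
    if ( ! is_array( $settings ) ) {
        wp_send_json_error( 'Invalid settings payload', 400 );
    }
    // 3. Allowlist: the option name must be one the plugin owns, and the value
    //    must have the expected type; everything else is skipped.
    $allowed = demo_allowed_options();
    $written = array();
    foreach ( $settings as $name => $value ) {
        if ( ! in_array( $name, $allowed, true ) || ! is_array( $value ) ) {
            continue;
        }
        update_option( $name, map_deep( $value, 'sanitize_text_field' ) );
        $written[] = $name;
    }
    wp_send_json_success( array( 'updated' => $written ) );
}

// Only the hardened handler is registered; the vulnerable one is shown for contrast.
add_action( 'wp_ajax_demo_import_settings', 'demo_import_settings_secure' );
```

The capability check alone closes the CWE-862 hole; the allowlist additionally removes the "arbitrary option name" primitive even if a future capability is granted to lower roles.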
