CVE-2024-11194
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-11194 is a vulnerability affecting the Classified Listing plugin for WordPress. It allows authenticated attackers with Subscriber-level access and above to manipulate data, leading to privilege escalation. The root cause is the 'rtcl_import_settings' function in all versions up to 3.1.15.1, which is misconfigured and allows unauthorized updates to a limited set of arbitrary options. An attacker can exploit this to elevate the Subscriber role to Administrator-level access, gaining full control over the WordPress site. The vulnerability is limited in that only options with an array value can be updated.
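Because the impact described above is a low-privilege role gaining Administrator-level capabilities, a post-patch check of the site's role definitions is worthwhile. The following is an added example, not code from the advisory or the plugin: it assumes the role definitions have been exported as JSON in the shape role slug → {"name", "capabilities"}, and it uses the capability sets of a default single-site WordPress install as the baseline; the function names and sample data are constructed for illustration.

```python
import json

# Capabilities a default single-site WordPress install grants only to Administrator.
ADMIN_ONLY_CAPS = {
    "manage_options", "edit_users", "create_users", "delete_users",
    "promote_users", "install_plugins", "activate_plugins", "edit_plugins",
    "install_themes", "edit_themes", "switch_themes", "update_core",
}
# Default capability sets of the two lowest built-in roles.
BASELINE = {
    "subscriber": {"read", "level_0"},
    "contributor": {"read", "edit_posts", "delete_posts", "level_0", "level_1"},
}

def granted(role_def):
    """Return the capabilities a role definition grants (false entries are denials)."""
    caps = role_def.get("capabilities", {}) if isinstance(role_def, dict) else {}
    if not isinstance(caps, dict):
        return set()
    return {cap for cap, on in caps.items() if on}

def audit_roles(roles_json):
    """Return sorted (role, capability, reason) findings for an exported role map."""
    roles = json.loads(roles_json)
    if not isinstance(roles, dict):
        raise ValueError("expected a JSON object mapping role slug to definition")
    findings = []
    for slug, role_def in roles.items():
        if slug == "administrator":
            continue
        caps = granted(role_def)
        for cap in caps & ADMIN_ONLY_CAPS:
            findings.append((slug, cap, "admin-only capability"))
        # Roles without a known baseline are only checked for admin-only capabilities.
        for cap in caps - BASELINE.get(slug, caps) - ADMIN_ONLY_CAPS:
            findings.append((slug, cap, "not in default role"))
    return sorted(findings)

# Constructed sample export: the subscriber role holds two administrator capabilities.
SAMPLE = json.dumps({
    "administrator": {"name": "Administrator", "capabilities": {"manage_options": True}},
    "subscriber": {"name": "Subscriber", "capabilities": {
        "read": True, "level_0": True, "manage_options": True,
        "promote_users": True, "edit_posts": False}},
    "editor": {"name": "Editor", "capabilities": {"read": True, "edit_pages": True}},
})

if __name__ == "__main__":
    for finding in audit_roles(SAMPLE):
        print(*finding, sep="\t")
```

Roles added by other plugins may legitimately hold some of these capabilities, so each finding is a prompt for review rather than proof of compromise.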