CVE-2024-28850

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published: Mar 25, 2024
Updated: Mar 26, 2024
CWE ID: 494

Summary

CVE-2024-28850 is a vulnerability affecting WP Crontrol, a plugin used to manage cron events on WordPress websites. While the feature itself does not have any known vulnerabilities, there is a potential for remote code execution (RCE) if it is specifically targeted in conjunction with another vulnerability like SQL injection. Exploitation of this vulnerability requires certain preconditions to be met, such as a writable SQL injection vulnerability in any plugin, theme, or WordPress core, a compromised database at the hosting level, or the ability to update arbitrary options in the wp_options table. As a mitigation measure, it is recommended to upgrade WP Crontrol to version 1.
