FKIE_CVE-2024-7624

Vulnerability from fkie_nvd - Published: 2024-08-15 03:15 - Updated: 2025-02-11 20:13
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 3.3.101. This is due to the plugin not properly checking a users capabilities before allowing them to enable access to the plugin's settings through the update_user_access() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to grant themselves full access to the plugin's settings.
References
security@wordfence.comhttps://plugins.trac.wordpress.org/browser/zephyr-project-manager/trunk/includes/Base/AjaxHandler.php?rev=3111536#L2464Product
security@wordfence.comhttps://plugins.trac.wordpress.org/changeset/3134404/Patch
security@wordfence.comhttps://www.wordfence.com/threat-intel/vulnerabilities/id/b9ef344d-cd56-43f9-b185-de83a92800de?source=cveThird Party Advisory
Impacted products
Vendor Product Version
zephyr-one zephyr_project_manager *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zephyr-one:zephyr_project_manager:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "45ACC30C-C500-4279-A727-1C3EF6703FA8",
              "versionEndExcluding": "3.3.102",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 3.3.101. This is due to the plugin not properly checking a users capabilities before allowing them to enable access to the plugin\u0027s settings through the update_user_access() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to grant themselves full access to the plugin\u0027s settings."
    },
    {
      "lang": "es",
      "value": "El complemento Zephyr Project Manager para WordPress es vulnerable a una escalada de privilegios limitada en todas las versiones hasta la 3.3.101 incluida. Esto se debe a que el complemento no verifica adecuadamente las capacidades de los usuarios antes de permitirles habilitar el acceso a la configuraci\u00f3n del complemento a trav\u00e9s de la funci\u00f3n update_user_access(). Esto hace posible que los atacantes autenticados, con acceso de nivel de suscriptor y superior, se otorguen acceso completo a la configuraci\u00f3n del complemento."
    }
  ],
  "id": "CVE-2024-7624",
  "lastModified": "2025-02-11T20:13:25.027",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "security@wordfence.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-08-15T03:15:05.070",
  "references": [
    {
      "source": "security@wordfence.com",
      "tags": [
        "Product"
      ],
      "url": "https://plugins.trac.wordpress.org/browser/zephyr-project-manager/trunk/includes/Base/AjaxHandler.php?rev=3111536#L2464"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Patch"
      ],
      "url": "https://plugins.trac.wordpress.org/changeset/3134404/"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b9ef344d-cd56-43f9-b185-de83a92800de?source=cve"
    }
  ],
  "sourceIdentifier": "security@wordfence.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "security@wordfence.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.