CVE-2024-50483
WordPress Meetup plugin <= 0.1 - Broken Authentication vulnerability
In short
The WordPress Meetup plugin version 0.1 and earlier allows attackers to bypass authentication checks by manipulating user-controlled keys, enabling them to gain unauthorized administrative privileges without valid credentials.
Technical detail
The plugin fails to properly validate authentication keys, which lets an unauthenticated attacker escalate privileges. The weakness is classified as CWE-639 (Authorization Bypass Through User-Controlled Key). An attacker can forge or manipulate authentication parameters to assume higher privilege levels without requiring legitimate credentials or prior access.
Summary generated and translated by AI from the official description.
Authorization Bypass Through User-Controlled Key vulnerability in Tareq Hasan Meetup meetup allows Privilege Escalation. This issue affects Meetup: from n/a through <= 0.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Tareq Hasan · Meetup
Public PoCs found — 1
GitHub: github.com/RandomRobbieBF/CVE-2024-50483 (★ 2)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.