Privilege Escalation Vulnerability in WordPress User Extra Fields Plugin
CVE-2024-10800

8.8HIGH

Key Information:

Vendor: Wordpress
Status: WordPress User Extra Fields
Vendor: CVE Published:; 13 November 2024

Summary

The WordPress User Extra Fields plugin, developed by CodeCanyon, is susceptible to a privilege escalation flaw due to a lack of capability checks in the ajax_save_fields() function. This vulnerability affects all versions up to and including 16.6. Authenticated users with subscriber-level access and higher can exploit this vulnerability to add custom fields. Subsequently, they can utilize the check_and_overwrite_wp_or_woocommerce_fields function to modify the wp_capabilities field, effectively elevating their privileges to that of an administrator. This poses significant risks to website security, as it allows unauthorized access to critical functionalities and controls.

Affected Version(s)

WordPress User Extra Fields * <= 16.6

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://codecanyon.net/item/user-extra-fields/12949844

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 13, 2024
Vulnerability Reserved
Nov 4, 2024

Credit

Tonn