CVE-2024-50506
WordPress Marketing Automation by AZEXO plugin <= 1.27.80 - Privilege Escalation vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Incorrect Privilege Assignment vulnerability in Azexo Marketing Automation by AZEXO allows Privilege Escalation.This issue affects Marketing Automation by AZEXO: from n/a through 1.27.80.
La vulnerabilidad de asignaciĆ³n incorrecta de privilegios en Azexo Marketing Automation de AZEXO permite la escalada de privilegios. Este problema afecta a Marketing Automation de AZEXO: desde n/a hasta la versiĆ³n 1.27.80.
The Marketing Automation by AZEXO plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.27.80. This is due to the plugin not properly retricting functionality that allows a user to elevate their privileges. This makes it possible for authenticated attackers, with Subscriber-level access and above, to gain administrator access to a site.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-10-24 CVE Reserved
- 2024-10-28 CVE Published
- 2024-10-31 EPSS Updated
- 2024-12-12 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-266: Incorrect Privilege Assignment
CAPEC
- CAPEC-233: Privilege Escalation
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Marketing Automation By Azexo Search vendor "Marketing Automation By Azexo" | Marketing Automation By Azexo Search vendor "Marketing Automation By Azexo" for product "Marketing Automation By Azexo" | >= 0.0.0 <= 1.27.80 Search vendor "Marketing Automation By Azexo" for product "Marketing Automation By Azexo" and version " >= 0.0.0 <= 1.27.80" | en |
Affected
| ||||||