CVE-2024-52382
WordPress Matix Popup Builder plugin <= 1.0.0 - Arbitrary Option Update to Privilege Escalation vulnerability
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
Missing Authorization vulnerability in Medma Technologies Matix Popup Builder allows Privilege Escalation.This issue affects Matix Popup Builder: from n/a through 1.0.0.
The Matix Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on a function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
*Credits:
João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance)
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-11-11 CVE Reserved
- 2024-11-11 CVE Published
- 2024-11-15 EPSS Updated
- 2024-11-21 CVE Updated
- 2024-11-21 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-862: Missing Authorization
CAPEC
- CAPEC-233: Privilege Escalation
References (2)
| URL | Tag | Source |
|---|---|---|
| https://patchstack.com/database/vulnerability/medma-matix/wordpress-matix-popup-builder-plugin-1-0-0-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://github.com/RandomRobbieBF/CVE-2024-52382 | 2024-11-21 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Medma Matix Search vendor "Medma Matix" | Medma Matix Search vendor "Medma Matix" for product "Medma Matix" | >= 0.0.0 <= 1.0.0 Search vendor "Medma Matix" for product "Medma Matix" and version " >= 0.0.0 <= 1.0.0" | en |
Affected
| ||||||