← Back

CVE-2024-13835

nvd nist
Published: Mar 8, 2025Modified: Apr 8, 2026

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

The Post Meta Data Manager plugin for WordPress is vulnerable to multisite privilege escalation in all versions up to, and including, 1.4.4. This is due to the plugin not properly verifying the existence of a multisite installation prior to allowing user meta to be added/modified. This makes it possible for authenticated attackers, with Administrator-level access and above, to gain elevated privileges on subsites that would otherwise be inaccessible.

Affected (1)

Wpexpertplugins
1 product
Post Meta Data Manager
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Post Meta Data Manager
Up to 1.4.3

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

Source: security@wordfence.com
Product
Source: security@wordfence.com
Third Party Advisory

Timeline

No history available yet.