CVE-2024-10900

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Nov 20, 2024

Updated: Nov 29, 2024

CWE ID 862

Summary

CVE-2024-10900 is a vulnerability affecting the ProfileGrid plugin for WordPress. The issue lies in the pm_remove_file_attachment() function, which lacks proper capability checks. This deficiency allows authenticated attackers with subscriber-level access and above to delete arbitrary user meta. Consequences of this vulnerability can result in denial of access for administrators. All versions of the plugin up to, and including, 5.9.3.6, are reportedly affected.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0Pgve4
https://www.cve.org/CVERecord?id=CVE-2024-10900
https://nvd.nist.gov/vuln/detail/CVE-2024-10900

Back to Vulnerability Database

CVE-2024-10900

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations