CVE-2024-6698
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-6698 is a privilege escalation vulnerability affecting the FundEngine plugin for WordPress. The plugin fails to properly verify the user meta that it updates through the update_user_meta function. As a result, authenticated attackers with subscriber-level access and above can manipulate their own user meta to elevate their capabilities and gain administrator access. This poses a significant risk to WordPress sites using the FundEngine plugin, and it is crucial that users update to the latest version as soon as possible to mitigate the threat.
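The class of fix for this kind of flaw is to allowlist which meta keys a profile request may write before anything reaches update_user_meta. The sketch below is an added example, not FundEngine's code or its patch; the function names, the allowlisted field names and the sample request are assumptions made for illustration.

```php
<?php
// Added illustration, not FundEngine code. The field names in
// ALLOWED_PROFILE_META are hypothetical examples of profile fields.
const ALLOWED_PROFILE_META = ['first_name', 'last_name', 'description'];

/**
 * Split submitted key/value pairs into those safe to store and those rejected.
 * Only allowlisted keys pass; everything else is dropped, which covers the
 * keys WordPress uses for roles ({prefix}capabilities, {prefix}user_level).
 */
function split_profile_meta(array $submitted): array
{
    $accepted = [];
    $rejected = [];
    foreach ($submitted as $key => $value) {
        // Require plain string values so a client cannot submit an array
        // that would be stored as a serialized structure.
        if (is_string($key) && in_array($key, ALLOWED_PROFILE_META, true) && is_string($value)) {
            $accepted[$key] = $value;
        } else {
            $rejected[] = (string) $key;
        }
    }
    return ['accepted' => $accepted, 'rejected' => $rejected];
}

/** Store only the accepted fields for the given user (runs inside WordPress). */
function save_profile_meta(int $user_id, array $submitted): array
{
    $result = split_profile_meta($submitted);
    foreach ($result['accepted'] as $key => $value) {
        update_user_meta($user_id, $key, sanitize_text_field($value));
    }
    // Callers should log these: unexpected keys are a useful detection signal.
    return $result['rejected'];
}

// Constructed sample request body, run from the CLI outside WordPress
// to show the filtering decision on its own.
if (PHP_SAPI === 'cli' && !function_exists('update_user_meta')) {
    $sample = [
        'first_name'      => 'Alex',
        'description'     => ['nested' => 'value'],    // non-string value
        'wp_capabilities' => 'constructed-placeholder', // role storage key
        'wp_user_level'   => 'constructed-placeholder',
    ];
    print_r(split_profile_meta($sample));
}
```

Because the check is an allowlist rather than a blocklist, it also rejects role keys on installs that use a non-default table prefix or multisite prefixes.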