CVE-2024-7624

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Aug 15, 2024

CWE ID 285

Summary

CVE-2024-7624 is a vulnerability affecting the Zephyr Project Manager plugin for WordPress. The issue allows authenticated attackers with subscriber-level access or higher to escalate their privileges and gain full access to the plugin's settings. This is due to the plugin's failure to adequately check user capabilities before allowing access to the settings through the update_user_access() function. Versions up to and including 3.3.101 are impacted by this vulnerability, making it crucial for users to update their plugins as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xmq-mV
https://www.cve.org/CVERecord?id=CVE-2024-7624
https://nvd.nist.gov/vuln/detail/CVE-2024-7624

Back to Vulnerability Database

CVE-2024-7624

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations