CVE-2024-11816
Published: 08 January 2025
Summary
CVE-2024-11816 is a high-severity Missing Authorization (CWE-862) vulnerability in Wpextended Ultimate Wordpress Toolkit. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 5.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved authorizations for logical access, directly addressing the missing capability check in wpext_handle_snippet_update that enables authenticated low-privilege users to achieve RCE.
Employs the principle of least privilege to restrict Subscriber-level and higher users from executing privileged snippet update functions leading to arbitrary code execution.
Requires timely identification, reporting, and correction of flaws like the RCE vulnerability in WP Extended plugin version 3.0.11 through patching or updates.
NVD Description
The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. This is due to a missing capability check on the 'wpext_handle_snippet_update' function. This makes it possible for authenticated attackers, with Subscriber-level…
more
access and above, to execute code on the server providing an admin has created at least one code snippet.
Deeper analysisAI
CVE-2024-11816 is a Remote Code Execution (RCE) vulnerability in the Ultimate WordPress Toolkit – WP Extended plugin for WordPress, affecting version 3.0.11. The issue stems from a missing capability check in the 'wpext_handle_snippet_update' function, classified under CWE-862 (Missing Authorization). It was published on 2025-01-08 with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting high confidentiality, integrity, and availability impacts.
Authenticated attackers with Subscriber-level access or higher can exploit this vulnerability to execute arbitrary code on the affected server. Exploitation requires that an administrator has previously created at least one code snippet, enabling the attacker to leverage the unchecked function for RCE over the network with low complexity and no user interaction.
Advisories and related resources include the WordPress plugin trac repository, showing the vulnerable code at line 705 in includes/modules/core_extensions/wpext_snippets/wpext_snippets.php and a specific changeset (3213331 for wpextended). Additional details are provided in Wordfence threat intelligence at the referenced vulnerability page.
Details
- CWE(s)