CVE-2024-2505
Published: 29 April 2024
Summary
CVE-2024-2505 is a high-severity vulnerability of unspecified weakness type in GamiPress. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 29.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-27454
Vulnerability details
The GamiPress WordPress plugin before 6.8.9 fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower-privileged users, such as Subscribers, even though the initial settings prohibit such access. This is a broken access control weakness, enabling unauthorized users to modify critical configurations of the GamiPress WordPress plugin before 6.8.9.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Broken access control allows low-privileged Authors to exploit the vulnerability for privilege escalation (T1068) by manipulating plugin settings to grant unauthorized capabilities (e.g., manage_options) to lower-privileged users such as Subscribers, which in turn facilitates account manipulation (T1098).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.