CVE-2024-50483

Critical

Published: 28 October 2024

Modified: 23 April 2026
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.5397 (98.1th percentile)
Risk Priority: 52 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-50483 is a critical-severity Authorization Bypass Through User-Controlled Key (CWE-639) vulnerability in the Tareq Hasan Meetup plugin. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 1.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2024-50483 is an Authorization Bypass Through User-Controlled Key vulnerability, tracked as CWE-639, that affects the Meetup WordPress plugin by Tareq Hasan. The flaw impacts all versions from the initial release through 0.1 and carries a CVSS 3.1 score of 9.8, reflecting network-exploitable conditions with no required authentication or user interaction that can result in full confidentiality, integrity, and availability impacts.

An unauthenticated attacker can supply a crafted user-controlled key to bypass authorization checks, enabling privilege escalation within the WordPress instance. Because the plugin exposes this logic over the network without access controls, remote exploitation can grant administrative capabilities or other elevated rights depending on the targeted functionality.

The Patchstack advisory at the referenced URL identifies the broken authentication issue in the Meetup plugin and provides the canonical vulnerability record for remediation tracking.

EPSS values reached a peak of 0.6562 with a current score of 0.5397, indicating a material rise in predicted exploitation likelihood after disclosure that warrants renewed attention from defenders.

Vulnerability details

Authorization Bypass Through User-Controlled Key vulnerability in Tareq Hasan Meetup meetup allows Privilege Escalation. This issue affects Meetup: from n/a through <= 0.1.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: tareqhasan, product: meetup, versions: ≤ 0.1

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-639

Per-request decision making makes it harder to bypass authorization using user-controlled keys without proper validation in the decision process.

addresses: CWE-639

Consistent enforcement of approved authorizations makes bypassing via user-controlled keys ineffective.

References