CVE-2024-50483
Published: 28 October 2024
Summary
CVE-2024-50483 is a critical-severity Authorization Bypass Through User-Controlled Key (CWE-639) vulnerability in Tareq Hasan Meetup. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 1.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-50483 is an Authorization Bypass Through User-Controlled Key vulnerability, tracked as CWE-639, that affects the Meetup WordPress plugin by Tareq Hasan. The flaw impacts all versions from the initial release through 0.1 and carries a CVSS 3.1 score of 9.8, reflecting network-exploitable conditions with no required authentication or user interaction that can result in full confidentiality, integrity, and availability impacts.
An unauthenticated attacker can supply a crafted user-controlled key to bypass authorization checks, enabling privilege escalation within the WordPress instance. Because the plugin exposes this logic over the network without access controls, remote exploitation can grant administrative capabilities or other elevated rights depending on the targeted functionality.
The Patchstack advisory at the referenced URL identifies the broken authentication issue in the Meetup plugin and provides the canonical vulnerability record for remediation tracking.
EPSS values reached a peak of 0.6562 with a current score of 0.5397, indicating a material rise in predicted exploitation likelihood after disclosure that warrants renewed attention from defenders.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-44909
Vulnerability details
Authorization Bypass Through User-Controlled Key vulnerability in Tareq Hasan Meetup meetup allows Privilege Escalation. This issue affects Meetup: from n/a through <= 0.1.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.