- Description
- The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and including, 3.1.15.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited arbitrary options on the WordPress site. This can be leveraged to update the Subscriber role with Administrator-level capabilities to gain administrative user access to a vulnerable site. The vulnerability is limited in that the option updated must have a value that is an array.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@wordfence.com
- CWE-862
- Hype score
- Not currently trending
🚨 CVE-2024-11194 (Published: 2024-11-19) - A high-severity vulnerability affects Wordfence. Ensure you're using the latest version to mitigate risks. For detailed remediation steps, check out the full report: https://t.co/n9t7GvBA2R #CyberSecurity #Wordfence
@transilienceai
22 Nov 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-11194 (Published: 2024-11-19) - A high-severity vulnerability in WordPress Classified Listing plugin (versions prior to 3.1.12) allows exploitation. 🔒 Update to the latest version to mitigate risks. For more details, check the code: https://t.co/GWFXN4BXls #WordPress
@transilienceai
22 Nov 2024
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-11194 (Published: 2024-11-19) - A high-severity vulnerability in WordPress Classified Listing plugin (versions prior to 3.1.12) allows exploitation. 🔒 Remediation: Update to the latest version to secure your site. More info: [WordPress Trac](https://t.co/GWFXN4BXls)…
@transilienceai
22 Nov 2024
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11194 The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege… https://t.co/KAjEv4trpK
@CVEnew
19 Nov 2024
332 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-11194: HIGH] WordPress plugin 'The Classified Listing – Classified ads & Business Directory Plugin' has a flaw allowing attackers to escalate privileges. Update to version 3.1.15.2 to secure your site. ...#cybersecurity,#vulnerability https://t.co/cb2LEXkmUH https:/
@CveFindCom
19 Nov 2024
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes