CVE-2024-50476

CRITICAL

GRÜN spendino Spendenformular <1.0.1 - Privilege Escalation

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-50476. PoCs published by RandomRobbieBF.

AI-analyzed exploit summary: This PoC exploits CVE-2024-50476, an unauthenticated arbitrary options update vulnerability in the GRÜN spendino Spendenformular WordPress plugin. It allows attackers to enable user registration and set the default role to administrator, leading to privilege escalation.

Description

Missing Authorization vulnerability in GRÜN Software Group GmbH GRÜN spendino Spendenformular spendino allows Privilege Escalation. This issue affects GRÜN spendino Spendenformular: from n/a through <= 1.0.1.

Exploits (1)

nomisec WORKING POC
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2024-50476

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: GRÜN spendino Spendenformular <= 1.0.1
No auth needed
Prerequisites: WordPress site with vulnerable plugin installed
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.8
EPSS 0.0122
EPSS Percentile 64.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE CWE-862
Status published
Products (1)
GRÜN Software Group GmbH/GRÜN spendino Spendenformular < 1.0.1
Published Oct 29, 2024
Tracked Since Feb 18, 2026