CVE-2024-7624

HIGH

Zephyr Project Manager <= 3.3.101 - Authenticated Privilege Escalation via update_user_access()

Title source: llm

Description

The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 3.3.101. This is due to the plugin not properly checking a users capabilities before allowing them to enable access to the plugin's settings through the update_user_access() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to grant themselves full access to the plugin's settings.

References (3)

Core 3

Core References

Product

https://plugins.trac.wordpress.org/browser/zephyr-project-manager/trunk/includes/Base/AjaxHandler.php?rev=3111536#L2464

Patch

https://plugins.trac.wordpress.org/changeset/3134404/

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/b9ef344d-cd56-43f9-b185-de83a92800de?source=cve

Scores

CVSS v3 8.1

EPSS 0.0040

EPSS Percentile 31.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-285 CWE-863

Status published

Products (2)

dylanjkotze/Zephyr Project Manager < 3.3.101

zephyr-one/zephyr_project_manager < 3.3.102

Published Aug 15, 2024

Tracked Since Feb 18, 2026