
Meetup WordPress Plugin CVE-2024-50483

CRITICAL
Authorization Bypass Through User-Controlled Key (CWE-639)
2024-10-28 audit@patchstack.com
9.8
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

1. CVE Published: Oct 28, 2024, 13:15 (NVD), CRITICAL 9.8

Description (CVE.org)

Authorization Bypass Through User-Controlled Key vulnerability in Tareq Hasan Meetup meetup allows Privilege Escalation. This issue affects Meetup: from n/a through <= 0.1.

Analysis (AI)

Privilege escalation in Tareq Hasan's Meetup WordPress plugin (versions through 0.1) allows remote unauthenticated attackers to bypass authorization checks via user-controlled key manipulation. With an EPSS score of 65.62% (98th percentile), the probability of exploitation is high, although no public exploit had been identified at the time of analysis. Patchstack reported this CVSS 9.8 issue affecting a WordPress ecosystem plugin.

Technical Context (AI)

The vulnerability is rooted in CWE-639 (Authorization Bypass Through User-Controlled Key), an Insecure Direct Object Reference (IDOR) class flaw where the application uses a user-supplied identifier (such as a user ID, object ID, or session key) without verifying that the requester is authorized to act on that resource. The affected component is the Meetup plugin by Tareq Hasan (CPE: cpe:2.3:a:tareqhasan:meetup:*:*:*:*:*:wordpress:*:*), which integrates with WordPress to manage meetup functionality. In WordPress plugin contexts, this class of bug typically appears in AJAX handlers or REST endpoints that accept a user-controlled parameter and act on it without calling current_user_can() or comparing against the authenticated session's user ID, enabling horizontal or vertical privilege escalation.
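The AJAX-handler pattern described above, as an added illustration that is not the Meetup plugin's code: a hypothetical handler that trusts a request-supplied user ID (the CWE-639 pattern), beside a hardened version that derives the key from the authenticated session. The `example_` function names, action names and meta keys are assumptions.

```php
<?php
// Hypothetical WordPress AJAX handlers illustrating CWE-639. Not the Meetup
// plugin's own code; action names, meta keys and functions are made up.

// --- Vulnerable pattern: the requester chooses whose record is modified ---
function example_rsvp_vulnerable() {
    $user_id  = (int) $_POST['user_id'];   // attacker-controlled object key
    $event_id = (int) $_POST['event_id'];
    // No nonce, no login check, no comparison with the session's user ID and
    // no capability check: registered on the nopriv hook, any anonymous visitor
    // can write meta data for any user ID they supply.
    update_user_meta( $user_id, 'example_rsvp_' . $event_id, 'yes' );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_rsvp_v1', 'example_rsvp_vulnerable' );
add_action( 'wp_ajax_nopriv_example_rsvp_v1', 'example_rsvp_vulnerable' );

// --- Hardened version: bind the object key to the authenticated session ---
function example_rsvp_hardened() {
    // 1. CSRF protection: the nonce must have been issued for this action.
    check_ajax_referer( 'example_rsvp_nonce', 'nonce' );

    // 2. Authentication: no nopriv hook is registered, and anonymous callers
    //    are rejected explicitly in case one is added later.
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'authentication required', 401 );
    }

    // 3. Authorization: the user key comes from the session, not the request.
    $user_id  = get_current_user_id();
    $event_id = absint( $_POST['event_id'] ?? 0 );
    if ( ! $event_id ) {
        wp_send_json_error( 'invalid event', 400 );
    }

    // If an administrative form legitimately acts on another user, require a
    // capability for that instead of silently trusting the supplied ID.
    $target = absint( $_POST['user_id'] ?? $user_id );
    if ( $target !== $user_id && ! current_user_can( 'edit_users' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    update_user_meta( $target, 'example_rsvp_' . $event_id, 'yes' );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_rsvp', 'example_rsvp_hardened' );
```

The same three checks (nonce, login, session-derived or capability-gated key) apply to REST routes via the `permission_callback` argument of `register_rest_route()`.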

Remediation (AI)

No vendor-released patch was identified at the time of analysis: the advisory indicates the vulnerability affects all versions up to and including 0.1, with no fixed version listed. Given the absence of a patched release, the most defensible action is to deactivate and remove the Meetup plugin from affected WordPress installations until the maintainer publishes a fix; this fully eliminates exposure but also removes the plugin's functionality. As a compensating control if removal is not acceptable, restrict access to the plugin's AJAX endpoints (the admin-ajax.php actions it registers) and any custom REST routes with a Web Application Firewall rule that requires an authenticated session and checks that user-supplied ID parameters match the requester's user ID; this preserves functionality at the cost of WAF tuning effort and possible breakage of legitimate workflows. Monitor the Patchstack advisory page and the plugin's repository for an updated release.


CVE-2024-50483 vulnerability details – vuln.today
