Exam Matrix CVE-2024-50485
Severity by source: CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description (CVE.org)
Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix exam-matrix allows Privilege Escalation. This issue affects Exam Matrix: from n/a through <= 1.5.
Analysis (AI)
Privilege escalation in the Udit Rawat Exam Matrix WordPress plugin (versions up to and including 1.5) allows remote unauthenticated attackers to gain elevated privileges due to incorrect privilege assignment (CWE-266). The CVSS 9.8 rating combined with an EPSS score of 21.91% (96th percentile) signals significant attacker interest, though there is no public exploit identified at time of analysis. The flaw permits full compromise of confidentiality, integrity, and availability of the affected WordPress site.
Technical Context (AI)
Exam Matrix is a WordPress plugin developed by Udit Rawat that provides online exam/quiz functionality, typically used by educational sites. The root cause is CWE-266 (Incorrect Privilege Assignment), a class of weakness where the application grants a user a privilege or role level higher than intended - commonly seen in WordPress plugins that expose AJAX endpoints, registration handlers, or role-setting functions without properly restricting which capabilities can be assigned. In this class of bug, an attacker is typically able to register or update a user account with administrator-level capabilities by manipulating role parameters that the plugin fails to validate against the requester's actual permissions.
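The weak and hardened forms of the CWE-266 pattern described above, as an added teaching illustration. This is hypothetical plugin code written for this page; it is not code from Exam Matrix or any other real plugin, and nothing here describes how Exam Matrix itself is implemented. The hook names, the nonce actions, and the `exam_student` role are assumptions.

```php
<?php
// Added illustration of the CWE-266 (Incorrect Privilege Assignment) pattern.
// Hypothetical code, NOT taken from Exam Matrix or any real plugin. The AJAX
// action names, nonce actions and the 'exam_student' role are assumptions.

/*
 * WEAK PATTERN (shown for contrast only; its add_action line is left out):
 * a handler reachable without login takes the role straight from the request
 * and assigns it. Nothing checks whether the caller may hand out that role.
 */
function weak_exam_register() {
    $user_id = wp_create_user(
        sanitize_user( wp_unslash( $_POST['username'] ) ),
        wp_unslash( $_POST['password'] ),
        sanitize_email( wp_unslash( $_POST['email'] ) )
    );
    if ( is_wp_error( $user_id ) ) {
        wp_send_json_error( $user_id->get_error_message(), 400 );
    }
    $user = new WP_User( $user_id );
    $user->set_role( sanitize_key( wp_unslash( $_POST['role'] ) ) ); // request-controlled role
    wp_send_json_success( array( 'id' => $user_id ) );
}
// add_action( 'wp_ajax_nopriv_exam_register', 'weak_exam_register' ); // the mistake

/*
 * HARDENED PATTERN for self-registration: the role is never read from the
 * request; the server assigns the least privilege the feature needs, and the
 * endpoint honours the site's own registration switch.
 */
function hardened_exam_register() {
    check_ajax_referer( 'exam_register', 'nonce' );
    if ( ! get_option( 'users_can_register' ) ) {
        wp_send_json_error( 'registration is disabled', 403 );
    }
    $user_id = wp_create_user(
        sanitize_user( wp_unslash( $_POST['username'] ) ),
        wp_unslash( $_POST['password'] ),
        sanitize_email( wp_unslash( $_POST['email'] ) )
    );
    if ( is_wp_error( $user_id ) ) {
        wp_send_json_error( $user_id->get_error_message(), 400 );
    }
    $user = new WP_User( $user_id );
    $user->set_role( 'exam_student' ); // assumption: a plugin-defined low-privilege role
    wp_send_json_success( array( 'id' => $user_id ) );
}
add_action( 'wp_ajax_nopriv_exam_register', 'hardened_exam_register' );

/*
 * HARDENED PATTERN for role changes: only a caller who may promote users can
 * change a role, the caller must be allowed to edit the target account, and
 * the requested role must be one the caller is permitted to grant
 * (get_editable_roles() is available because admin-ajax.php loads the admin
 * includes). There is deliberately no wp_ajax_nopriv_ registration.
 */
function hardened_exam_set_role() {
    check_ajax_referer( 'exam_set_role', 'nonce' );
    if ( ! current_user_can( 'promote_users' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $target_id = absint( $_POST['user_id'] );
    $role      = sanitize_key( wp_unslash( $_POST['role'] ) );

    if ( ! current_user_can( 'edit_user', $target_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    if ( ! array_key_exists( $role, get_editable_roles() ) ) {
        wp_send_json_error( 'role not permitted', 403 );
    }
    $user = get_userdata( $target_id );
    if ( ! $user ) {
        wp_send_json_error( 'no such user', 404 );
    }
    $user->set_role( $role );
    wp_send_json_success( array( 'id' => $target_id, 'role' => $role ) );
}
add_action( 'wp_ajax_exam_set_role', 'hardened_exam_set_role' );
```

The two hardened handlers separate the two concerns that the weak handler merges: self-registration never carries a role at all, and role assignment is a privileged operation gated on `promote_users`, `edit_user` for the specific target, and the caller's own editable-roles set, so a nonce, a login and the capability check are all required before any role changes hands.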
Affected Products (AI)
The vulnerability affects the Udit Rawat Exam Matrix WordPress plugin from an unspecified initial version through version 1.5 inclusive (the upper bound listed as '<= 1.5' with lower bound n/a). No CPE string was provided in the input data. The Patchstack advisory (audit@patchstack.com is the reporting CNA) at patchstack.com should be consulted for the canonical affected-version list and any vendor advisory URL.
Remediation (AI)
No vendor-released patch identified at time of analysis based on the supplied data; the description ends the affected range at <= 1.5 without naming a fixed version, so administrators should check the plugin's WordPress.org page and the Patchstack advisory (audit@patchstack.com) for an updated release beyond 1.5 and apply it once available.

Compensating controls until a confirmed patched version is installed:
- Deactivate and remove the Exam Matrix plugin entirely if exam functionality is not currently in use (zero side effect for non-users).
- If the plugin is required, restrict access to wp-admin and the plugin's AJAX/REST endpoints via web application firewall rules or .htaccess IP allowlisting (side effect: blocks legitimate remote admin access from non-allowlisted IPs).
- Disable WordPress open user registration under Settings > General if it is not required (side effect: legitimate self-service signup is blocked).
- Audit existing WordPress users for unexpected administrator or editor accounts created since the plugin was installed, removing any not recognized.
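One way to carry out the user audit in the last compensating control above, as an added example that is not part of the original page or of the Exam Matrix plugin. It is a WP-CLI `eval-file` script that lists every administrator or editor account registered on or after a cut-off date; the date is a placeholder to be replaced with the date the plugin was installed, and the script name is an assumption.

```php
<?php
// Added audit script (hypothetical, not from Exam Matrix or vuln.today).
// Run inside the WordPress install with WP-CLI:
//   wp eval-file audit-privileged-users.php
// It lists administrator/editor accounts registered since the cut-off so an
// administrator can verify each one and remove any that are not recognised.

$since = '2024-01-01 00:00:00'; // PLACEHOLDER: replace with the plugin's install date (UTC)

// user_registered is stored in UTC, so the cut-off above is compared in UTC too.
$privileged = new WP_User_Query( array(
    'role__in'   => array( 'administrator', 'editor' ),
    'date_query' => array(
        array( 'after' => $since, 'inclusive' => true ),
    ),
    'orderby'    => 'registered',
    'order'      => 'ASC',
) );

$rows = array();
foreach ( $privileged->get_results() as $user ) {
    $rows[] = array(
        'ID'         => $user->ID,
        'login'      => $user->user_login,
        'email'      => $user->user_email,
        'roles'      => implode( ',', $user->roles ),
        'registered' => $user->user_registered,
    );
}

if ( empty( $rows ) ) {
    WP_CLI::success( "No administrator/editor accounts registered since $since." );
} else {
    WP_CLI::warning( count( $rows ) . " privileged account(s) registered since $since; verify each one:" );
    WP_CLI\Utils\format_items(
        'table',
        $rows,
        array( 'ID', 'login', 'email', 'roles', 'registered' )
    );
}
```

The query uses `role__in` rather than a single `role` so that both privileged roles are covered in one pass, and it filters on the registration timestamp rather than on plugin-specific metadata, so it works regardless of how the account came to exist. Accounts that predate the cut-off but had their role raised later are not caught by a registration-date filter; for those, compare the current administrator list against a known-good list from before the plugin was installed.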