CVE-2024-49644
Published: 07 January 2025
Description
Incorrect Privilege Assignment vulnerability in AllAccessible Accessibility by AllAccessible allaccessible allows Privilege Escalation.This issue affects Accessibility by AllAccessible: from n/a through <= 1.3.4.
Security Summary
CVE-2024-49644 is an Incorrect Privilege Assignment vulnerability (CWE-266) in the WordPress plugin Accessibility by AllAccessible, also referred to as allaccessible. This flaw enables privilege escalation and affects all versions of the plugin from its initial release through 1.3.4.
The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). A low-privileged authenticated user can exploit it remotely with low complexity and without requiring user interaction, potentially achieving high-impact effects on confidentiality, integrity, and availability through escalated privileges.
Patchstack has documented the issue in its vulnerability database for WordPress plugins, with details available at https://patchstack.com/database/Wordpress/Plugin/allaccessible/vulnerability/wordpress-accessibility-by-allaccessible-plugin-1-3-4-privilege-escalation-vulnerability?_s_id=cve.
Details
- CWE(s)