Cyber Posture

CVE-2024-52500

High

Published: 14 February 2025

Modified: 23 April 2026
KEV Added
Patch
CVSS Score: 7.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L)
EPSS Score: 0.0010 (26.7th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Description

Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Monetag Official Plugin: from n/a through <= 1.1.3.

Security Summary

CVE-2024-52500 is a missing authorization vulnerability (CWE-862) in the Monetag Official WordPress plugin (monetag-official), affecting all versions through 1.1.3. The flaw allows exploitation of incorrectly configured access control security levels, enabling unauthorized actions within the plugin's functionality.

Unauthenticated attackers can exploit this vulnerability remotely over the network with low attack complexity and no user interaction required (AV:N/AC:L/PR:N/UI:N). Successful exploitation leads to low-impact violations of integrity and availability with no confidentiality impact (C:N/I:L/A:L) and a changed scope (S:C), which gives the CVSS v3.1 base score of 7.2.

Mitigation details are available in the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/monetag-official/vulnerability/wordpress-monetag-official-plugin-plugin-1-1-3-broken-access-control-vulnerability?_s_id=cve.

Details

CWE(s)
CWE-862
