Vulnerability CVE-2024-7624
Published: 2024-08-15

Description:
The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 3.3.101. This is due to the plugin not properly checking a users capabilities before allowing them to enable access to the plugin's settings through the update_user_access() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to grant themselves full access to the plugin's settings.

 References:
https://www.wordfence.com/threat-intel/vulnerabilities/id/b9ef344d-cd56-43f9-b185-de83a92800de?source=cve
https://plugins.trac.wordpress.org/browser/zephyr-project-manager/trunk/includes/Base/AjaxHandler.php?rev=3111536#L2464
https://plugins.trac.wordpress.org/changeset/3134404/
Copyright 2026, cxsecurity.com

 

Back to Top