cbcvebase.
CVE-2024-4605
published 2024-05-14

CVE-2024-4605: The Breakdance plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.7.1 via post meta data. This is due to the…

PriorityP258high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.90%
55.2th percentile
The Breakdance plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.7.1 via post meta data. This is due to the plugin storing custom data in metadata without an underscore prefix. This makes it possible for lower privileged users, such as contributors, to edit this data via UI. As a result they can escalate their privileges or execute arbitrary code.

Affected

2 ranges
VendorProductVersion rangeFixed in
breakdancebreakdance<= 1.7.1
linuxlinux_kernel>= 0 < 6.12.8-16.12.8-1
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.