WordPress Plugin Vulnerabilities

Monetag Official Plugin <= 1.1.3 - Missing Authorization

Description

The Monetag Official Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
monetag-official
No known fix

References

CVE
CVE-2024-52500
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/cedf6dea-c2d8-4cbd-8a38-3b903e722668

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Kévin Mosbahi (Mika)
Verified
No
WPVDB ID
1a3c157b-e191-4879-ba3d-532ffbcdff74

Timeline

Publicly Published
2025-01-29 (about 1 year ago)
Added
2025-02-26 (about 1 year ago)
Last Updated
2025-02-26 (about 1 year ago)

Other

Published
Title
Published
2025-01-07
Title
ST Gallery WP <= 1.0.8 - Missing Authorization to Authenticated (Subscriber+) Settings Update
Published
2025-12-22
Title
Premium Addons for Elementor < 4.11.54 - Unauthenticated Sensitive Information Exposure
Published
2026-04-21
Title
CalJ <= 1.5 - Authenticated (Subscriber+) Arbitrary Settings Modification via 'save-obtained-key' Action
Published
2025-03-27
Title
Conversios.io < 7.2.4 - Missing Authorization
Published
2026-06-10
Title
Royal MCP < 1.4.26 - Subscriber+ Insufficient Authorization in MCP Tools