CVE-2024-9195: WHMPress - WHMCS Client Area <= 4.3-revision-3- Authenticated (Subscriber+) Arbitrary Options Update
Description
The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the update_settings case in the /admin/ajax.php file in all versions up to, and including, 4.3-revision-3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Classification
CVE ID: CVE-2024-9195
CVSS Base Severity: HIGH
CVSS Base Score: 8.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Problem Types
CWE-862 Missing AuthorizationAffected Products
Vendor: creativeon
Product: WHMCS Client Area for WordPress by WHMpress
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.03% (probability of being exploited)
EPSS Percentile: 3.03% (scored less or equal to compared to others)
EPSS Date: 2025-03-29 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2024-9195https://www.wordfence.com/threat-intel/vulnerabilities/id/c8af0c5c-3d7b-416d-9d10-6867fcf909a5?source=cve
https://codecanyon.net/item/whmcs-client-area-whmpress-addon/11218646