High severity7.2NVD Advisory· Published Mar 8, 2025· Updated Apr 8, 2026
CVE-2024-13835
CVE-2024-13835
Description
The Post Meta Data Manager plugin for WordPress is vulnerable to multisite privilege escalation in all versions up to, and including, 1.4.4. This is due to the plugin not properly verifying the existence of a multisite installation prior to allowing user meta to be added/modified. This makes it possible for authenticated attackers, with Administrator-level access and above, to gain elevated privileges on subsites that would otherwise be inaccessible.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:wpexpertplugins:post_meta_data_manager:*:*:*:*:*:wordpress:*:*Range: <=1.4.3
- Range: <=1.4.4
Patches
Vulnerability mechanics
References
2- www.wordfence.com/threat-intel/vulnerabilities/id/568aa6d6-10a1-4653-ab95-845faf005b8envdThird Party Advisory
- wordpress.org/plugins/post-meta-data-manager/nvdProduct
News mentions
0No linked articles in our index yet.