CVE-2024-50485: 
WordPress vulnerability analysis and mitigation

The Exam Matrix WordPress plugin, versions up to and including 1.5, contains a critical Privilege Escalation vulnerability (CVE-2024-50485). This security flaw was discovered and reported by researcher ghsinfosec on October 19, 2024, and was publicly disclosed on October 25, 2024. The vulnerability affects all versions of the Exam Matrix plugin through version 1.5, with no official fix currently available (Patchstack).

The vulnerability has been assigned a CVSS v3.1 score of 9.8 (Critical), with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. It is classified as an Incorrect Privilege Assignment vulnerability (CWE-266) that allows for privilege escalation. The vulnerability can be exploited without requiring authentication, making it particularly dangerous (NVD).

The vulnerability allows malicious actors to escalate their privileges from a low-privileged account to one with higher privileges. If successfully exploited, attackers could potentially gain full control of the affected website. The high CVSS score indicates that this vulnerability is considered highly dangerous and is expected to become mass exploited (Patchstack).

Currently, there is no official fix available from the plugin developer. However, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until an official fix becomes available. Website administrators are advised to implement mitigation measures immediately (Patchstack).