CVE-2024-50476 CRITICAL

CVE-2024-50476: WordPress GRÜN spendino Spendenformular plugin <= 1.0.1 - Arbitrary Option Update to Privilege Escalation vulnerability

Vendor Grün Software Group Gmbh
Product GRÜN spendino Spendenformular
Weakness CWE-862 · Missing authorization
Published October 29, 2024
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Missing Authorization vulnerability in GRÜN Software Group GmbH GRÜN spendino Spendenformular spendino allows Privilege Escalation.This issue affects GRÜN spendino Spendenformular: from n/a through <= 1.0.1.

Key dates

02Disclosure timeline

October 29, 2024 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-3320 Bypassing Cloudflare Zero Trust policies using warp-cli set-custom-endpoint command CVE-2025-24654 WordPress Squirrly SEO plugin <= 12.4.07 - Broken Access Control vulnerability CVE-2025-64630 WordPress Business Directory plugin <= 6.4.19 - Broken Access Control vulnerability CVE-2026-27327 WordPress YayMail – WooCommerce Email Customizer plugin <= 4.3.2 - Broken Access Control vulnerability CVE-2022-2543 Visual Portfolio < 2.18.0 - Unauthenticated CSS Injection