CVE-2024-4605
HIGHCVSS v3
8.8
HIGH
EPSS Score
20.1%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
The Breakdance plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.7.1 via post meta data. This is due to the plugin storing custom data in metadata without an underscore prefix. This makes it possible for lower privileged users, such as contributors, to edit this data via UI. As a result they can escalate their privileges or execute arbitrary code.
Technical Details
- CVSS v3 Vector
- 3.1
- Published
- 5/14/2024
- Last Modified
- 4/15/2026
Frequently Asked Questions
What is CVE-2024-4605?
The Breakdance plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.7.1 via post meta data. This is due to the plugin storing custom data in metadata without an underscore prefix. This makes it possible for lower privileged users, such as contributors, to edit this data via UI. As a result they can escalate their privileges or execute arbitrary code.
Is CVE-2024-4605 actively exploited?
Active exploitation of CVE-2024-4605 has not been confirmed. The EPSS score is 20.1%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2024-4605?
CVE-2024-4605 has a CVSS v3 base score of 8.8 (HIGH severity), with vector string 3.1.
Is CVE-2024-4605 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.