8.1
CVE-2024-11721
- EPSS 0.53%
- Veröffentlicht 14.12.2024 09:15:06
- Zuletzt bearbeitet 05.06.2025 15:29:36
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginFrontend Admin by DynamiApps <= 3.24.5 - Unauthenticated Privilege Escalation
Frontend Admin by DynamiApps <= 3.24.5 - Unauthenticated Privilege Escalation
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form.
Mögliche Gegenmaßnahme
Frontend Admin by DynamiApps: Update to version 3.25.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dynamiapps ≫ Frontend Admin SwPlatformwordpress Version < 3.25.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Frontend Admin by DynamiApps
Version
*-3.24.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.53% | 0.405 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
https://plugins.trac.wordpress.org/changeset/3204192/acf-frontend-form-element/trunk/main/frontend/fields/user/class-role.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/e9fdc833-8384-42c0-ad9b-72e5b6351964?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/e9fdc833-8384-42c0-ad9b-72e5b6351964