8.8
CVE-2024-8246
- EPSS 0.34%
- Veröffentlicht 14.09.2024 04:15:04
- Zuletzt bearbeitet 26.09.2024 14:00:09
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginPost Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.11 - Authenticated (Contributor+) Privilege Escalation
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11. This is due to plugin not properly restricting what users have access to set the default role on registration forms. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with a custom role that allows them to register as administrators.
Mögliche Gegenmaßnahme
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC): Update to version 2.8.12, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
Version
*-2.8.11
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Themekraft ≫ Buddyforms SwPlatformwordpress Version < 2.8.12
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.562 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.