9.8
CVE-2025-0177
- EPSS 0.42%
- Veröffentlicht 08.03.2025 09:15:31
- Zuletzt bearbeitet 13.03.2025 13:05:42
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginJavo Core <= 3.0.0.080 - Unauthenticated Privilege Escalation in ajax_signup
Javo Core <= 3.0.0.080 - Unauthenticated Privilege Escalation in ajax_signup
The Javo Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.0.0.080. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.
Mögliche Gegenmaßnahme
Javo Core: Update to version 3.0.0.266, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Javothemes ≫ Javo Core SwPlatformwordpress Version < 3.0.0.266
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Javo Core
Version
*-3.0.0.080
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.42% | 0.331 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security@wordfence.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
https://www.wordfence.com/threat-intel/vulnerabilities/id/7d636768-37b4-4343-9028-30e7b1f997f2?source=cve
https://themeforest.net/item/javo-directory-wordpress-theme/8390513#item-description__update-history
https://www.wordfence.com/threat-intel/vulnerabilities/id/7d636768-37b4-4343-9028-30e7b1f997f2