Descrição
The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. This is due to improper controls on custom user meta fields. This makes it possible for unauthenticated attackers to register as administrators on the site. The plugin requires the JSON API plugin to also be installed.
Software
Não informado
Tipo Software
Plugin
CVE
CVE-2024-6624
Tags
Nâo informado
Data de publicação
11/07/2024
Última atualização
08/12/2024
Pontuação em CVSS 3.0
9.8
Crítico