PT-2024-37804 · WordPress · Wordpress Plugin
John Castro · Published 2024-07-16 · Updated 2024-08-21
CVE-2024-6695
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Popular WordPress Plugin (affected versions not specified)
Description
The issue allows an attacker to gain administrative access without having an account on the targeted site, enabling them to perform unauthorized actions. This is caused by improper logic flow in the user registration process. It's estimated that around 50,000 sites are exposed to this issue.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Wordpress Plugin