CVE-2024-7291

Name of the Vulnerable Software and Affected Versions JetFormBuilder plugin for WordPress versions up to, and including, 3.3.4.1

Description The issue is related to improper restriction on user meta fields, allowing authenticated attackers with administrator-level and above permissions to register as super-admins on sites configured as multi-sites. This is due to a privilege escalation issue.

Recommendations For JetFormBuilder plugin for WordPress versions up to, and including, 3.3.4.1, update to a version higher than 3.3.4.1 to resolve the issue. As a temporary workaround, consider restricting access to user meta fields to minimize the risk of exploitation.