CVE-2024-9265

Name of the Vulnerable Software and Affected Versions The Echo RSS Feed Post Generator plugin for WordPress versions up to, and including, 5.4.6

Description The issue is related to privilege escalation due to the plugin not properly restricting the roles that can be set during registration through the echo check post header sent() function. This allows unauthenticated attackers to register as administrators.

Recommendations For versions up to, and including, 5.4.6, update to a version that contains a fix for this issue. As a temporary workaround, consider disabling the echo check post header sent() function until a patch is available. Restrict access to the registration process to minimize the risk of exploitation. Avoid using the vulnerable registration functionality until the issue is resolved.