CVE-2024-56040

Name of the Vulnerable Software and Affected Versions: VibeBP versions 1.9.9.4.1 and earlier

Description: The issue is related to an Incorrect Privilege Assignment vulnerability, which allows Privilege Escalation. This vulnerability is associated with the vibebp register user() function in the includes/class.ajax.php script of the VibeBP plugin for WordPress, and it is linked to insufficient access control. The exploitation of this vulnerability can enable a remote attacker to elevate their privileges.

Recommendations: For VibeBP versions 1.9.9.4.1 and earlier, consider disabling the vibebp register user() function as a temporary workaround until a patch is available. Restrict access to the includes/class.ajax.php script to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.