PT-2025-9073 · WordPress · Dhvc Form

Tonn

Published

2025-02-28

Updated

2025-03-05

CVE-2024-8420

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions DHVC Form plugin for WordPress versions prior to 2.4.8

Description The issue allows unauthenticated attackers to register as administrators on sites due to the plugin permitting users to supply the role field when registering.

Recommendations For versions prior to 2.4.8, update to version 2.4.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the user registration functionality until the update is applied.

Fix

LPE

Improper Privilege Management

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269CWE-266

Related Identifiers

CVE-2024-8420

Affected Products

Dhvc Form

PT-2025-9073 · WordPress · Dhvc Form

CVE-2024-8420

Weakness Enumeration

Related Identifiers

Affected Products

References · 10