CVE-2024-8682

Name of the Vulnerable Software and Affected Versions The JNews - WordPress Newspaper Magazine Blog AMP Theme versions prior to 11.6.7

Description The issue arises from the theme not properly validating if the user can register option is enabled before creating a user through the register handler() function. This allows unauthenticated attackers to register as a user even when user registration is disabled.

Recommendations For versions prior to 11.6.7, update to version 11.6.7 or later to resolve the issue. As a temporary workaround, consider disabling the register handler() function until a patch is available. Restrict access to user registration to minimize the risk of exploitation.