PT-2025-9823 · WordPress · Homey Login Register

Tonn

Published

2025-03-05

Updated

2025-03-06

CVE-2024-11951

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Homey Login Register plugin for WordPress versions up to and including 2.4.0

Description The issue allows unauthenticated attackers to gain elevated privileges by exploiting a flaw in the plugin's account registration process. This is possible because the plugin permits users to set their own role during registration, including the administrator role.

Recommendations For versions up to and including 2.4.0, update to a version that contains a fix for this issue to prevent privilege escalation.

Fix

LPE

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2024-11951

Affected Products

Homey Login Register

PT-2025-9823 · WordPress · Homey Login Register

CVE-2024-11951

Weakness Enumeration

Related Identifiers

Affected Products

References · 9