exploitDog

CVE-2024-12470

Опубликовано: 07 янв. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The School Management System – SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register as. This makes it possible for unauthenticated attackers to register as an administrative user.

Ссылки

EPSS

Процентиль: 59%

0.00374

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-266

Связанные уязвимости

GHSA-9g93-pxpv-276m

CVSS3: 9.8

github

около 1 года назад

The School Management System – SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register as. This makes it possible for unauthenticated attackers to register as an administrative user.

EPSS

Процентиль: 59%

0.00374

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-266