Description
The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on sites.
Vulnerable configurations
Configuration 1: versions before 2.4.8 (exclusive)
cpe:2.3:a:sitesao:dhvc_form:*:*:*:*:*:wordpress:*:*
EPSS
Percentile: 70%
0.00638
Low
9.8 Critical
CVSS3
Weaknesses
CWE-266
CWE-269
Related vulnerabilities
CVSS3: 9.8
github
11 months ago
The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on sites.