exploitDog

CVE-2024-9941

Опубликовано: 23 нояб. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the MJ_gmgt_add_staff_member() function in all versions up to, and including, 67.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to create new user accounts with the administrator role.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mojoomla:wordpress_gym_management_system:*:*:*:*:*:wordpress:*:*

Версия до 67.2.0 (исключая)

EPSS

Процентиль: 22%

0.00072

Низкий

8.8 High

CVSS3

Дефекты

CWE-269

CWE-862

Связанные уязвимости

GHSA-g7hv-g729-xq68

CVSS3: 8.8

github

около 1 года назад

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the MJ_gmgt_add_staff_member() function in all versions up to, and including, 67.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to create new user accounts with the administrator role.

EPSS

Процентиль: 22%

0.00072

Низкий

8.8 High

CVSS3

Дефекты

CWE-269

CWE-862