2 matches found
CVE-2024-11103
creationtimestamp| type| source ---|---|--- 2024-11-28 10:04:33+00:00| seen| https://infosec.exchange/users/cve/statuses/113560012257677452...
CVE-2024-11103 Contest Gallery <= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover
The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated...