4 matches found
CVE-2024-12470
The School Management System – SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register as. This makes it possible for unauthenticated attackers to...
CVE-2024-12470
The School Management System – SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register as. This makes it possible for unauthenticated attackers to...
CVE-2024-12470
creationtimestamp| type| source ---|---|--- 2025-01-07 04:36:56+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/305 2025-01-07 05:17:28+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vian6ao2i 2025-01-07 05:48:10+00:00| seen|...
CVE-2024-12470
CVE-2024-12470 affects the WordPress plugin School Management System – SakolaWP (SakolaWP-lite) up to version 1.0.8. Root cause: the registration function does not correctly restrict allowable user roles, enabling an unauthenticated attacker to register as an administrator. Impact: administrator ...