3 matches found
WordPress User Registration Plugin <= 3.2.0.1 is vulnerable to Broken Access Control
Software User Registration Type Plugin Vulnerable versions = 3.2.0.1 Fixed in 3.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-4958 Patch priority Low CVSS severity Low 7.1 Developer Masteriyo PSID 2a769906d907 Credits Thanh Nam Tran Required privileg...
CVE-2024-4958
CVE-2024-4958 concerns the WordPress plugin “User Registration – Custom Registration Form, Login Form, and User Profile” up to version 3.2.0.1. The flaw is a missing capability check in the import_form_action function which allows authenticated users with contributor-level permissions and above t...
CVE-2024-4958 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importformaction' function in versions up to, and including, 3.2.0.1. This makes it...