3 matches found
CVE-2024-5324
CVE-2024-5324 affects the WordPress plugin Login/Signup Popup (Inline Form + Woocommerce). Versions 2.7.1–2.7.2 lack a capability check in import_settings, allowing authenticated users with Subscriber-level access and above to modify arbitrary options, enabling new user registrations and potentia...
CVE-2024-5324 XootiX Framework <= Various Plugin Versions - Missing Authorization to Arbitrary Options Update
Multiple plugins for WordPress utilizing the XootiX Framework are vulnerable to unauthorized modification of data due to a missing capability check on the 'importsettings' function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
WordPress Login/Signup Popup Plugin <= 2.7.2 is vulnerable to Broken Access Control
Software Login/Signup Popup Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.7.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5324 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 8315f4731f19 Credits 1337Wannabe - home Requir...