3 matches found
CVE-2024-8247
The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to the plugin not restricting what user meta can be updated as screen options. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-8247
The CVE-2024-8247 entry concerns the Newsletters plugin for WordPress (
WordPress Newsletters Plugin <= 4.9.9.2 is vulnerable to Privilege Escalation
Software Newsletters Type Plugin Vulnerable versions = 4.9.9.2 Fixed in 4.9.9.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-8247 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID eb3ac75f37d4 Credits rajesh...