2 matches found
CVE-2024-8428 ForumWP – Forum & Discussion Board Plugin <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover
The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submitformhandler due to missing validation on the 'userid' user controlled key. This makes it possible...
WordPress ForumWP Plugin <= 2.0.2 is vulnerable to Privilege Escalation
Software ForumWP Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.1.0 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-8428 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 04472abbfa0c Credits wesley wcraft...