2 matches found
CVE-2024-9863
CVE-2024-9863 affects the WordPress UserPro plugin (versions up to 3.6.0). Root cause: insecure default_user_role setting (administrator) enables unauthenticated users to register an administrator. Impact: privilege escalation; can occur even if registration is disabled. Public details confirm af...
WordPress Miniorange OTP Verification with Firebase Plugin <= 3.6.0 is vulnerable to Privilege Escalation
Software Miniorange OTP Verification with Firebase Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.1 OWASP Top 10 A5: Security Misconfiguration Classification Privilege Escalation CVE CVE-2024-9863 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 768f87fd904b Credits...