CVE-2024-9863

CVE-2024-9863 affects the WordPress UserPro plugin (versions up to 3.6.0). Root cause: insecure default_user_role setting (administrator) enables unauthenticated users to register an administrator. Impact: privilege escalation; can occur even if registration is disabled. Public details confirm af...