Exploit for CVE-2024-6624

CVE-2024-6624 | JSON API User = 3.9.3 - Unauthenticated Pri...

CVE-2024-6624

The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. This is due to improper controls on custom user meta fields. This makes it possible for unauthenticated attackers to register as administrators on the site. The plugin require...

CVE-2024-6624

The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. This is due to improper controls on custom user meta fields. This makes it possible for unauthenticated attackers to register as administrators on the site. The plugin require...

CVE-2024-6624

CVE-2024-6624 affects JSON API User (WordPress) up to v3.9.3, enabling unauthenticated privilege escalation due to improper handling of custom user meta. Exploit activity exists: GitHub exploits show unauthenticated admin registration; Wordfence notes the entry is patched. Affected plugin require...

CVE-2024-6624 JSON API User <= 3.9.3 - Unauthenticated Privilege Escalation

The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. This is due to improper controls on custom user meta fields. This makes it possible for unauthenticated attackers to register as administrators on the site. The plugin require...

CVE-2024-6624 JSON API User <= 3.9.3 - Unauthenticated Privilege Escalation

The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. This is due to improper controls on custom user meta fields. This makes it possible for unauthenticated attackers to register as administrators on the site. The plugin require...

PT-2024-37753 · WordPress · Json Api User +1

Name of the Vulnerable Software and Affected Versions: JSON API User plugin for WordPress versions up to, and including, 3.9.3 Description: The issue is due to improper controls on custom user meta fields, making it possible for unauthenticated attackers to register as administrators on the site...

WordPress plugin JSON API User security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress JSON API User plugin <= 3.9.3 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Thanh Nam Tran in WordPress Plugin JSON API User versions = 3.9.3...

WordPress JSON API User Plugin <= 3.9.3 is vulnerable to Privilege Escalation

Software JSON API User Type Plugin Vulnerable versions = 3.9.3 Fixed in 3.9.4 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-6624 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID c77720f52f77 Credits Thanh Nam Tran Required privile...