wpvulndb WPVDB-ID:24A28DC0-24A4-4D4E-89A0-310592D77FBA
Aug 22, 2023 - 12:00 a.m.

Donation Forms by Charitable < 1.7.0.13 - Unauthenticated Privilege Escalation

2023-08-22 00:00:00
wpscan.com
charitable
donation forms
unauthenticated
privilege escalation
vulnerability
registration form
shortcode

AI Score: 6.4 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 42.1%)

Description

The plugin does not validate parameters supplied to the update_core_user() function, which could allow users to register an account with any role (such as administrator) when registering via the plugin's registration form (i.e. the [charitable_registration] shortcode embedded in a page/post).

CPE | Name | Operator | Version
    |      | eq       | 1.7.0.13
