CVE-2024-8246

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
CWE-269
View all →

Vulnerability Description

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11. This is due to plugin not properly restricting what users have access to set the default role on registration forms. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with a custom role that allows them to register as administrators.

Related Vulnerabilities

CVE-2010-4664

HIGH
CVSS:8.8(High)

In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.

CWE-2692010

CVE-2012-6639

HIGH
CVSS:8.8(High)

An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.

CWE-2692012

CVE-2013-0643

HIGH
CVSS:8.8(High)

The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restr...

CWE-2692013

CVE-2013-4583

HIGH
CVSS:8.8(High)

The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated ...

CWE-2692013

CVE-2013-6231

HIGH
CVSS:8.8(High)

SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script

CWE-2692013