CVE-2024-9863

CRITICAL Year: 2024
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-266
View all →

Vulnerability Description

The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option. This makes it possible for unauthenticated attackers to register an administrator user even if the registration form is disabled.

Related Vulnerabilities

CVE-2022-3458

CRITICAL
CVSS:9.8(Critical)

A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /employeeview.p...

CWE-2662022

CVE-2022-3735

CRITICAL
CVSS:9.8(Critical)

A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access control...

CWE-2662022

CVE-2022-3771

CRITICAL
CVSS:9.8(Critical)

A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipu...

CWE-2662022

CVE-2022-4232

CRITICAL
CVSS:9.8(Critical)

A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricte...

CWE-2662022

CVE-2022-4272

CRITICAL
CVSS:9.8(Critical)

A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation ...

CWE-2662022

CVE-2022-4273

CRITICAL
CVSS:9.8(Critical)

A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employe...

CWE-2662022