CVE-2024-11024
CRITICALDescription
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user's password reset code prior to updating their password. This makes it possible for unauthenticated attackers, with knowledge of a user's email address, to reset the user's password and gain access to their account.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| apppresser | apppresser |
References
Frequently Asked Questions
What is CVE-2024-11024? +
How severe is CVE-2024-11024? +
What products are affected by CVE-2024-11024? +
How do I check if I'm vulnerable to CVE-2024-11024? +
Related Vulnerabilities
The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account …
GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection …
In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null …
AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection …
Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an …
A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server …