CVE-2024-8853
CRITICALDescription
The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on the 'doSsoAuthentification' function. This makes it possible for unauthenticated attackers to make themselves administrators by registering with a username that contains '-wfuser'.
Is your site exposed to CVE-2024-8853?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| medialibs | webo-facto |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-8853? +
How severe is CVE-2024-8853? +
What products are affected by CVE-2024-8853? +
How do I check if I'm vulnerable to CVE-2024-8853? +
Related Vulnerabilities
A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a …
NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom …
PredatorSense version 3.00.3136 to 3.00.3196 contain Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a …
A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions …
A privilege escalation vulnerability in PocketBook InkPad Color 3 allows attackers to escalate to root privileges if they gain physical …
A Sudo privilege misconfiguration vulnerability in PocketBook InkPad Color 3 on Linux, ARM allows attackers to read file contents on …