CVE-2024-8420

DHVC Form <= 2.4.7 - Unauthenticated Privilege Escalation

CVSS 9.8 CRITICALEPSS 0.5%CWE-266

Vexday Risk Score

28Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 9.8EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

28 fev 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on sites.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

SiteSao · DHVC Form

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://codecanyon.net/item/dhvc-form-wordpress-form-for-visual-composer/8326593 https://www.wordfence.com/threat-intel/vulnerabilities/id/e4d51a0c-c625-4732-b345-df02971fbffa?source=cve