CVE-2024-0701
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2024-0701 is a newly disclosed vulnerability affecting the UserPro plugin for WordPress. Despite the plugin's setting to disable user registration, this security feature is bypassed due to the reliance on client-side restrictions. Unauthenticated attackers can exploit this weakness and successfully register new accounts, putting WordPress sites running the vulnerable plugin versions (up to 5.1.6) at risk. This vulnerability underscores the importance of server-side validation and proper security configuration to maintain the security of user-generated content platforms.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.