CVE-2024-6624

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published: Jul 11, 2024
Updated: Jul 12, 2024

Summary

CVE-2024-6624 is a privilege escalation vulnerability affecting the JSON API User plugin for WordPress. This issue, present in versions 3.9.3 and below, allows unauthenticated attackers to register as administrators due to insufficient controls on custom user meta fields. To exploit this weakness, the JSON API plugin must also be installed on the WordPress site. This vulnerability poses a significant security risk, as it enables unauthorized access to sensitive administrative functions. WordPress users are advised to update their JSON API User plugin to the latest version to mitigate this issue.
