CVE-2024-8428
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-8428 is a privilege escalation vulnerability in the ForumWP – Forum & Discussion Board Plugin for WordPress, affecting all versions up to and including 2.0.2. The flaw arises from inadequate validation of the 'user_id' key in the submit_form_handler function, which allows authenticated attackers with subscriber-level access or higher to change admin users' email addresses. An attacker who controls an administrator's email address can then reset that administrator's password and gain unauthorized access to the account. To mitigate this vulnerability, update the plugin to a secure version as soon as possible. The severity is rated high, with potential impact on both the confidentiality and the integrity of user data.
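The class of bug described above, a handler that trusts a client-supplied user_id, is closed by resolving the target account on the server and checking the caller's right to edit it. The following is an added example, not ForumWP's code or its patch; resolve_profile_target and the sample IDs are hypothetical, and in WordPress the two injected values would come from get_current_user_id() and current_user_can('edit_user', $target).

```php
<?php
// Added illustration, not ForumWP code: decide which account a profile-form
// submission may modify. The function name and sample data are hypothetical.

/**
 * @param array    $form       Submitted fields (untrusted).
 * @param int      $current_id Logged-in user's ID; get_current_user_id() in WordPress.
 * @param callable $can_edit   fn(int $target): bool; current_user_can('edit_user', $target).
 * @return int ID of the account the handler is allowed to update.
 */
function resolve_profile_target(array $form, int $current_id, callable $can_edit): int
{
    if ($current_id <= 0) {
        throw new RuntimeException('not logged in');
    }
    // No user_id submitted: the caller can only be editing their own profile.
    if (!isset($form['user_id']) || $form['user_id'] === '') {
        return $current_id;
    }
    // Accept only a positive integer; arrays and strings like "1 OR 1" fail here.
    $target = filter_var($form['user_id'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($target === false) {
        throw new RuntimeException('malformed user_id');
    }
    // Editing someone else requires an explicit capability on that account.
    if ($target !== $current_id && !$can_edit($target)) {
        throw new RuntimeException('caller may not edit user ' . $target);
    }
    return $target;
}

// Constructed demo: user 7 is a subscriber, user 1 is an administrator.
$subscriber = fn(int $target): bool => false;
$admin      = fn(int $target): bool => true;
$cases = [
    'own profile, no user_id'   => [[], 7, $subscriber],
    'subscriber targets admin'  => [['user_id' => '1'], 7, $subscriber],
    'admin edits subscriber'    => [['user_id' => '7'], 1, $admin],
    'array in place of integer' => [['user_id' => ['1']], 7, $subscriber],
];
foreach ($cases as $label => [$form, $uid, $can]) {
    try {
        $id = resolve_profile_target($form, $uid, $can);
        echo $label, ': update user ', $id, PHP_EOL;
    } catch (RuntimeException $e) {
        echo $label, ': rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

A handler built this way passes only the returned ID to its update call and does not read user_id from the request again.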