CVE-2024-11024

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 26, 2024
CWE ID 230

Summary

CVE-2024-11024 is a privilege escalation vulnerability affecting the AppPresser – Mobile App Framework plugin for WordPress. The flaw, present in all versions up to 4.4.6, allows unauthenticated attackers to gain access to user accounts by resetting passwords without proper verification. The attacker requires only the victim's email address to execute the attack, making it a significant security concern. This vulnerability can potentially lead to data breaches and other malicious activities. Users are advised to update their plugins to the latest version as soon as possible to mitigate the risk.
