CVE-2024-11024
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-11024 is a privilege escalation vulnerability affecting the AppPresser – Mobile App Framework plugin for WordPress. The flaw, present in all versions up to 4.4.6, allows unauthenticated attackers to gain access to user accounts by resetting passwords without proper verification. The attacker requires only the victim's email address to execute the attack, making it a significant security concern. This vulnerability can potentially lead to data breaches and other malicious activities. Users are advised to update their plugins to the latest version as soon as possible to mitigate the risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.