CVE-2024-11443

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 12, 2024
CWE ID 862

Summary

CVE-2024-11443 is a vulnerability affecting the de:branding plugin for WordPress. The plugin's debranding_save() function modifies data without an authorization check (CWE-862), so authenticated attackers with subscriber-level access or higher can call it to update arbitrary options on the WordPress site. Those options include the default role for registration, which can be changed to administrator, giving attackers administrative user access to vulnerable sites. The vulnerability exists in all versions up to and including 1.0.2.
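
A settings-save handler with the checks whose absence produces this class of flaw, as an added example and not the de:branding plugin's code. The hook name, nonce action and option keys are hypothetical, and the example assumes the handler is registered as a WordPress AJAX action.

```php
<?php
// Added illustration: hypothetical settings-save handler, not the plugin's own code.
// The hook name, nonce action and option keys are assumptions made for this example.

// The only options this handler may write, each mapped to its sanitizer.
const EXAMPLE_ALLOWED_OPTIONS = array(
    'example_login_logo_url' => 'esc_url_raw',
    'example_footer_text'    => 'sanitize_text_field',
    'example_hide_admin_bar' => 'absint',
);

function example_branding_save() {
    // 1. Authorization: wp_ajax_* hooks fire for every logged-in user, subscribers
    //    included, so the handler itself must check the capability (CWE-862).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 2. CSRF: reject requests that lack a nonce minted for this action.
    check_ajax_referer( 'example_branding_save', 'nonce' );

    // 3. Allowlist: a request-supplied name never reaches update_option(), so core
    //    options such as default_role stay out of reach of this handler.
    $submitted = isset( $_POST['settings'] ) && is_array( $_POST['settings'] )
        ? wp_unslash( $_POST['settings'] )
        : array();

    $saved = array();
    foreach ( EXAMPLE_ALLOWED_OPTIONS as $key => $sanitizer ) {
        if ( ! array_key_exists( $key, $submitted ) || ! is_scalar( $submitted[ $key ] ) ) {
            continue; // Key not submitted, or not a plain value: skip it.
        }
        update_option( $key, call_user_func( $sanitizer, $submitted[ $key ] ) );
        $saved[] = $key;
    }

    wp_send_json_success( array( 'saved' => $saved ) );
}

// Registered for logged-in users only; there is no wp_ajax_nopriv_ counterpart.
add_action( 'wp_ajax_example_branding_save', 'example_branding_save' );
```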
