CVE-2024-12402
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Jan 7, 2025
CWE ID 288
Summary
CVE-2024-12402 is a privilege escalation vulnerability affecting the Themes Coder plugin for WordPress in all versions up to 1.3.4. The plugin fails to validate the user's identity when a password is updated through the update_user_profile() function. This oversight allows unauthenticated attackers to alter arbitrary user passwords, including those of administrators, enabling account takeover and subsequent privilege escalation.