CVE-2024-12594
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Dec 24, 2024
CWE ID 862
Summary
CVE-2024-12594: The WordPress plugin "Custom Login Page Styler – Login Protected Private Site" has a privilege escalation vulnerability. The 'lps_generate_temp_access_url' AJAX action is missing a capability check in all versions up to 7.1.1. As a result, authenticated attackers with Subscriber-level access or higher can log in as other users, including subscribers. This vulnerability poses a significant risk to websites using this plugin and should be patched immediately.