CVE-2024-54323
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-54323 is a new Missing Authorization vulnerability affecting WPExperts New User Approve plugin. The flaw allows unauthorized access as the plugin fails to enforce proper access control checks, exposing incorrectly configured security levels. This issue can be exploited by attackers to gain administrative privileges, potentially leading to data theft or unauthorized modifications. The vulnerability affects versions 2.6.2 and below of the New User Approve plugin. To mitigate the risk, users should update to the latest version of the plugin or consider disabling it until a patch is released.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.