CVE-2024-8420

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 28, 2025

Updated: Mar 6, 2025

CWE ID 269

CWE ID 266

Summary

CVE-2024-8420 is a privilege escalation vulnerability affecting the DHVC Form plugin for WordPress. In all versions up to 2.4.7, the plugin allows users to register with a specified 'role' field. Unauthenticated attackers can exploit this weakness to register as an administrator, gaining elevated access to WordPress sites. This issue poses a serious risk to website security and requires immediate patching.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/yVhh4k
https://www.cve.org/CVERecord?id=CVE-2024-8420
https://nvd.nist.gov/vuln/detail/CVE-2024-8420

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2024-8420

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations