How severe is CVE-2024-10508?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2024-10508?

This is classified as CWE-230, which is a common weakness in software security.

CVE-2024-10508 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. This is due to the plugin not properly validating the password reset token prior to updating a user's password. This makes it possible for unauthenticated attackers to reset the password of arbitrary users, including administrators, and gain access to these accounts.

Related Vulnerabilities

CVE-2024-11024

CRITICAL

CVSS:9.8(Critical)

The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properl...

CWE-2302024

CVE-2024-0048

HIGH

CVSS:8.4(High)

In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privile...

CWE-2302024

CVE-2024-11024

CRITICAL

CVSS:9.8(Critical)

CWE-2302024

CVE-2024-0048

HIGH

CVSS:8.4(High)

CWE-2302024

CVE-2024-0208

HIGH

CVSS:7.5(High)

GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file

CWE-2302024

CVE-2024-9781

HIGH

CVSS:7.5(High)

AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file

CWE-2302024