CVE-2024-11024

Severity: CRITICAL
Year: 2024
CVSS v3 Score: 9.8 (Critical)

Vulnerability Description

The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user's password reset code prior to updating their password. This makes it possible for unauthenticated attackers, with knowledge of a user's email address, to reset the user's password and gain access to their account.

CVSS:9.8(Critical)

The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6....

CVSS:8.4(High)

In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privile...

CVSS:7.5(High)

GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file

CVSS:7.5(High)

AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file