How severe is CVE-2024-11721?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2024-11721?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2024-11721 - HIGH Severity | CVSS 8.1

Vulnerability Description

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form.

Related Vulnerabilities

CVE-2017-1000241

HIGH

CVSS:8.1(High)

The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by vertical privilege escalation vulnerability. This vulnerability can allow an authenticated non-administrator users to view and...

CWE-2692017

CVE-2017-15055

HIGH

CVSS:8.1(High)

TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, ed...

CWE-2692017

CVE-2017-18884

HIGH

CVSS:8.1(High)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens.

CWE-2692017

CVE-2017-9940

HIGH

CVSS:8.1(High)

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file sys...

CWE-2692017

CVE-2018-16266

HIGH

CVSS:8.1(High)

The Enlightenment system service in Tizen allows an unprivileged process to fully control or capture windows, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, an...

CWE-2692018

CVE-2018-16267

HIGH

CVSS:8.1(High)

The system-popup system service in Tizen allows an unprivileged process to perform popup-related system actions, due to improper D-Bus security policy configurations. Such actions include the triggeri...

CWE-2692018