CVE-2024-13376

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
CWE-269
View all →

Vulnerability Description

The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the _ajax_get_total_content_import_items() function in all versions up to, and including, 1.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

Related Vulnerabilities

CVE-2010-4664

HIGH
CVSS:8.8(High)

In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.

CWE-2692010

CVE-2012-6639

HIGH
CVSS:8.8(High)

An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.

CWE-2692012

CVE-2013-0643

HIGH
CVSS:8.8(High)

The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restr...

CWE-2692013

CVE-2013-4583

HIGH
CVSS:8.8(High)

The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated ...

CWE-2692013

CVE-2013-6231

HIGH
CVSS:8.8(High)

SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script

CWE-2692013