Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-54363

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-16 Dec, 2024 | 14:31
Updated At-16 Dec, 2024 | 16:36
Rejected At-
Credits

WordPress Wp NssUser Register plugin <= 1.0.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in nssTheme Wp NssUser Register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through 1.0.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:16 Dec, 2024 | 14:31
Updated At:16 Dec, 2024 | 16:36
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Wp NssUser Register plugin <= 1.0.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in nssTheme Wp NssUser Register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through 1.0.0.

Affected Products
Vendor
nssTheme
Product
Wp NssUser Register
Collection URL
https://wordpress.org/plugins
Package Name
wp-nssuser-register
Default Status
unaffected
Versions
Affected
  • From n/a through 1.0.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-266CWE-266 Incorrect Privilege Assignment
Type: CWE
CWE ID: CWE-266
Description: CWE-266 Incorrect Privilege Assignment
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-233CAPEC-233 Privilege Escalation
CAPEC ID: CAPEC-233
Description: CAPEC-233 Privilege Escalation
Solutions
Configurations
Workarounds
Exploits
Credits
finder
ghsinfosec (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/wp-nssuser-register/vulnerability/wordpress-wp-nssuser-register-plugin-1-0-0-privilege-escalation-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/wp-nssuser-register/vulnerability/wordpress-wp-nssuser-register-plugin-1-0-0-privilege-escalation-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:16 Dec, 2024 | 15:15
Updated At:16 Dec, 2024 | 15:15

Incorrect Privilege Assignment vulnerability in nssTheme Wp NssUser Register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through 1.0.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-266Primaryaudit@patchstack.com
CWE ID: CWE-266
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/wp-nssuser-register/vulnerability/wordpress-wp-nssuser-register-plugin-1-0-0-privilege-escalation-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/wp-nssuser-register/vulnerability/wordpress-wp-nssuser-register-plugin-1-0-0-privilege-escalation-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

61Records found
CVE-2024-9082
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 52.19%
||
7 Day CHG~0.00%
Published-22 Sep, 2024 | 08:00
Updated-31 Mar, 2025 | 06:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Eyewear Shop User Creation Users.php improper authorization

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save of the component User Creation Handler. The manipulation of the argument Type with the input 1 leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-online_eyewear_shopOnline Eyewear Shoponline_eyewear_shop
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-9863
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.46% / 63.40%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 02:06
Updated-18 Oct, 2024 | 12:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Miniorange OTP Verification with Firebase <= 3.6.0 - Privilege Escalation via Registration due to Administrator Default User Role Value

The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option. This makes it possible for unauthenticated attackers to register an administrator user even if the registration form is disabled.

Action-Not Available
Vendor-cyberlord92miniorange
Product-Miniorange OTP Verification with Firebaseotp_verification
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-8420
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.34%
||
7 Day CHG~0.00%
Published-28 Feb, 2025 | 08:23
Updated-06 Mar, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DHVC Form <= 2.4.7 - Unauthenticated Privilege Escalation

The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on sites.

Action-Not Available
Vendor-sitesaoSiteSao
Product-dhvc_formDHVC Form
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-1174
Matching Score-4
Assigner-Kubernetes
ShareView Details
Matching Score-4
Assigner-Kubernetes
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 21.67%
||
7 Day CHG~0.00%
Published-24 May, 2023 | 00:00
Updated-16 Jan, 2025 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
[minikube] Network Port exposure in minikube running on macOS using Docker driver

This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container.

Action-Not Available
Vendor-Apple Inc.Kubernetes
Product-minikubemacosminikube
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-56043
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.49%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 13:15
Updated-31 Dec, 2024 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS allows Privilege Escalation.This issue affects WPLMS: from n/a through 1.9.9.

Action-Not Available
Vendor-VibeThemes
Product-WPLMS
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-54229
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 35.14%
||
7 Day CHG+0.02%
Published-16 Dec, 2024 | 15:18
Updated-16 Dec, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SV100 Companion plugin <= 2.0.02 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Straightvisions GmbH SV100 Companion allows Privilege Escalation.This issue affects SV100 Companion: from n/a through 2.0.02.

Action-Not Available
Vendor-Straightvisions GmbH
Product-SV100 Companion
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-52442
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.66%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 11:56
Updated-20 Nov, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress UserPlus plugin <= 2.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Userplus UserPlus allows Privilege Escalation.This issue affects UserPlus: from n/a through 2.0.

Action-Not Available
Vendor-Userplususerplus
Product-UserPlususerplus
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-51800
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 20.88%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 13:47
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Homey theme <= 2.4.1 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation.This issue affects Homey: from n/a through 2.4.1.

Action-Not Available
Vendor-Favethemes
Product-Homey
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-51888
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.49%
||
7 Day CHG+0.01%
Published-21 Jan, 2025 | 13:40
Updated-21 Jan, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Homey Login Register Plugin <= 2.4.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in NotFound Homey Login Register allows Privilege Escalation. This issue affects Homey Login Register: from n/a through 2.4.0.

Action-Not Available
Vendor-NotFound
Product-Homey Login Register
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-49217
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.65%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 17:42
Updated-06 Nov, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Adding drop down roles in registration plugin <= 1.1 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through 1.1.

Action-Not Available
Vendor-madirisalmanaashishMadiri Salman Aashishmadiri_salman_aashish
Product-adding_drop_down_roles_in_registrationAdding drop down roles in registrationuser-drop-down-roles-in-registration
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-28000
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-32.28% / 96.68%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 13:53
Updated-17 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LiteSpeed Cache plugin <= 6.3.0.1 - Unauthenticated Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1.

Action-Not Available
Vendor-litespeedtechLiteSpeed Technologieslitespeedtech
Product-litespeed_cacheLiteSpeed Cachelitespeed_cache
CWE ID-CWE-266
Incorrect Privilege Assignment
  • Previous
  • 1
  • 2
  • Next
Details not found