cve/CVE-2024-10508.md at main

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

1.3 KiB

Raw Permalink Blame History

CVE-2024-10508

Description

The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. This is due to the plugin not properly validating the password reset token prior to updating a user's password. This makes it possible for unauthenticated attackers to reset the password of arbitrary users, including administrators, and gain access to these accounts.

POC

Reference

No PoCs from references.

Github

https://github.com/Jenderal92/CVE-2024-10508
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/ubaii/CVE-2024-10508
https://github.com/ubaydev/CVE-2024-10508

1.3 KiB Raw Permalink Blame History Unescape Escape

CVE-2024-10508

Description

POC

Reference

Github

1.3 KiB

Raw Permalink Blame History