cve/CVE-2024-4875.md at a8969e132322a214e7b78da5711159d6f891f0ab

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00

0xMarcio 2226095616 Update Sun May 26 16:36:09 UTC 2024

2024-05-26 16:36:09 +00:00

Description

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update options such as users_can_register, which can lead to unauthorized user registration.

POC

Reference

No PoCs from references.

Github

https://github.com/RandomRobbieBF/CVE-2024-4875
https://github.com/nomi-sec/PoC-in-GitHub

1.0 KiB Raw Blame History Unescape Escape

CVE-2024-4875

Description

POC

Reference

Github

1.0 KiB

Raw Blame History