Vulnerabilities > CVE-2024-8420 - Incorrect Privilege Assignment vulnerability in Sitesao Dhvc Form

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
sitesao
CWE-266
critical
NVD
Published: 2025-02-28
Updated: 2025-03-06

Summary

The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on sites.

Vulnerable Configurations

Part Description Count
Application
Sitesao
1

Common Weakness Enumeration (CWE)

References