CVE-2024-4875

Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Published: 21/05/2024 Updated: 21/05/2024

CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8

VMScore: 0

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update options such as users_can_register, which can lead to unauthorized user registration.

HT Mega – Absolute Addons For Elementor <= 2.5.2 - Missing Authorization to Options Update

CVE-2024-4875 HT Mega – Absolute Addons For Elementor <= 252 - Missing Authorization to Options Update Description: The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 252

https://www.wordfence.com/threat-intel/vulnerabilities/id/bdd3868a-d741-42b4-bc7f-6fb5d33bb71b?source=cve https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/trunk/admin/include/class.dynamic-notice.php#L52 https://plugins.trac.wordpress.org/changeset/3088899/ht-mega-for-elementor/trunk/admin/include/class.dynamic-notice.php https://nvd.nist.gov https://github.com/RandomRobbieBF/CVE-2024-4875

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-4875

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect