1 results (0.015 seconds)

CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0

Improper Privilege Management vulnerability in WPForms, LLC. WPForms User Registration allows Privilege Escalation.This issue affects WPForms User Registration: from n/a through 2.1.0. The WPForms User Registration plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.1.0. This is due to a missing capability check when adding a role option to a form. This makes it possible for authenticated attackers, with contributor-level access and above, to create a form that allows them to register as a higher privileged user. • https://patchstack.com/database/vulnerability/wpforms-user-registration/wordpress-wpforms-user-registration-plugin-2-1-0-authenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management CWE-862: Missing Authorization •