CVE-2024-10508

Published Nov 9, 2024

Last updated 5 days ago

CVSS critical 9.8

Overview

Description
The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. This is due to the plugin not properly validating the password reset token prior to updating a user's password. This makes it possible for unauthenticated attackers to reset the password of arbitrary users, including administrators, and gain access to these accounts.
Source
security@wordfence.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security@wordfence.com
CWE-230

Social media

Hype score
Not currently trending

  1. CVE-2024-10508 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to pr..https://t.co/ALu133gjbp #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    14 Nov 2024

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2024-10508 (Published: 2024-11-09) - Critical vulnerability in WordPress affecting the Custom Registration Form Builder with Submission Manager plugin. Ensure your version is updated to the latest patch to mitigate risks. Check the changes here: https://t.co/gR4BIV2mjT… ht

    @transilienceai

    13 Nov 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. [CVE-2024-10508: CRITICAL] WordPress plugin RegistrationMagic up to version 6.0.2.6 is vulnerable to privilege escalation via account takeover due to improper password reset token validation, enabling attackers t...#cybersecurity,#vulnerability https://t.co/2kkgARF3ti https://t.c

    @CveFindCom

    9 Nov 2024

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-10508 The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all… https://t.co/61UObAjNGx

    @CVEnew

    9 Nov 2024

    279 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References