2024-11-26
Platform: WordPress
Version: WPGYM plugin up to 67.1.0
Vulnerability: Privilege Escalation
Severity: Moderate (CVSS score not yet available)
Date: November 23, 2024 (NVD published date)
The WPGYM plugin for WordPress is vulnerable to privilege escalation due to a missing capability check. This allows attackers with subscriber-level access or higher to create new administrator accounts.
What Undercode Says:
This vulnerability can be exploited by attackers who already have access to your WordPress site. It’s crucial to update the WPGYM plugin to the latest version (likely a patched version) as soon as possible. Additionally, consider implementing strong password policies and enforcing least privilege principles for user accounts.
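Because the impact described above is the creation of new administrator accounts, a site that ran an affected version should have its administrator list reviewed. The following is an added example, not part of the original advisory or the plugin's code: it compares an administrator export against a list of approved accounts. The sample records, the approved list and the review-window date are constructed; the input is assumed to be JSON produced by WP-CLI's `wp user list`.

```python
import json
from datetime import datetime

# Constructed sample, shaped like the output of:
#   wp user list --role=administrator \
#     --fields=ID,user_login,user_registered --format=json
SAMPLE_WP_CLI_JSON = """
[
  {"ID": 1,  "user_login": "siteowner",    "user_registered": "2021-03-02 09:14:55"},
  {"ID": 7,  "user_login": "gym_manager",  "user_registered": "2023-06-18 16:40:12"},
  {"ID": 48, "user_login": "wp_support",   "user_registered": "2024-11-20 03:41:07"},
  {"ID": 49, "user_login": "backup_admin", "user_registered": "2019-01-01 00:00:00"}
]
"""

# Assumption: the site owner keeps a list of administrators they approved.
APPROVED_ADMINS = {"siteowner", "gym_manager"}


def audit_admins(wp_cli_json, approved, window_start):
    """Return administrator accounts that are not on the approved list.

    Each finding carries `recent`, true when the account was registered on
    or after `window_start` (YYYY-MM-DD). The allowlist is the primary
    signal: user_registered is an ordinary column, so an old date on an
    unapproved account does not make that account trustworthy.
    """
    start = datetime.strptime(window_start, "%Y-%m-%d")
    findings = []
    for user in json.loads(wp_cli_json):
        if user["user_login"].lower() in approved:
            continue
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        findings.append({
            "id": int(user["ID"]),
            "login": user["user_login"],
            "registered": user["user_registered"],
            "recent": registered >= start,
        })
    # Newest registrations first so fresh accounts are reviewed first.
    return sorted(findings, key=lambda f: f["registered"], reverse=True)


if __name__ == "__main__":
    for f in audit_admins(SAMPLE_WP_CLI_JSON, APPROVED_ADMINS, "2024-11-01"):
        print("RECENT" if f["recent"] else "older ", f["id"], f["login"], f["registered"])
```

Every account it reports should be confirmed with its owner or removed, regardless of the `recent` flag.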
References:
Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com