Potential Privilege Escalation Vulnerability in AppPresser Mobile App Framework Plugin for WordPress
CVE-2024-11024

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Apppresser – Mobile App Framework
Vendor: CVE Published:; 26 November 2024

What is CVE-2024-11024?

The AppPresser Mobile App Framework plugin for WordPress has a vulnerability that enables privilege escalation through account takeover. In versions up to and including 4.4.6, the plugin fails to correctly validate a user's password reset code before allowing a password update. This oversight permits unauthorized attackers, who possess a user's email address, to reset the user's password and potentially gain access to their account. This vulnerability underscores the need for robust security measures to properly validate user actions and safeguard personal information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

AppPresser – Mobile App Framework * <= 4.4.6

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/3192531/appp...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 26, 2024
Vulnerability Reserved
Nov 8, 2024

Credit

Khayal Farzaliyev

JSON

Wordpress

What is CVE-2024-11024?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.