Unauthenticated Privilege Escalation Vulnerability in JSON API User Plugin for WordPress

CVE-2024-6624

9.8CRITICAL

Key Information

Vendor: JSON API User plugin
Status: Json Api User
Vendor: CVE Published:; 11 July 2024

Badges

👾 Exploit Exists🔴 Public PoC

Summary

The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. This is due to improper controls on custom user meta fields. This makes it possible for unauthenticated attackers to register as administrators on the site. The plugin requires the JSON API plugin to also be installed.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-6624
Created by RandomRobbieBF

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Sep 10, 2024
Vulnerability published.
Jul 11, 2024

Collectors

NVD Database1 Proof of Concept(s)