Privilege Escalation Vulnerability in DHVC Form Plugin for WordPress
CVE-2024-8420

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Dhvc Form
Vendor: CVE Published:; 28 February 2025

Summary

The DHVC Form plugin for WordPress contains a vulnerability that allows attackers to escalate their privileges. This flaw is present in all versions up to and including 2.4.7, where the plugin improperly permits users to define their own 'role' field during registration. As a result, unauthenticated attackers can gain unauthorized access and register as administrators on vulnerable WordPress sites, thereby compromising the security and integrity of the installation.

Affected Version(s)

DHVC Form * <= 2.4.7

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://codecanyon.net/item/dhvc-form-wordpress-form-for-...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 28, 2025
Vulnerability Reserved
Sep 4, 2024

Credit

Tonn