Unauthorized User Registration Vulnerability in JNews WordPress Theme
CVE-2024-8682

5.3MEDIUM

Key Information:

Vendor: Https://themeforest.net/item/jnews-one-stop-solution-for-web-publishing/20566392
Status: Jnews - WordPress Newspaper Magazine Blog Amp Theme
Vendor: CVE Published:; 5 March 2025

Summary

The JNews - WordPress Newspaper Magazine Blog AMP Theme for WordPress is susceptible to a flaw that allows unauthorized user registrations. This vulnerability arises from improper validation by the theme's register_handler() function, which fails to restrict user registrations even when the option is intended to be disabled. As a result, unauthenticated attackers can create user accounts, posing a significant security risk to websites utilizing this theme in versions up to 11.6.6.

Affected Version(s)

JNews - WordPress Newspaper Magazine Blog AMP Theme * <= 11.6.6

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://themeforest.net/item/jnews-one-stop-solution-for-...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 5, 2025
Vulnerability Reserved
Sep 10, 2024

Credit

Kubow