CVE-2024-8420P1CRITICALCVSS 9.8Exploitedfixed in 2.4.8·≤ 2.4.72025-02-28
CVE-2024-8420 [CRITICAL] CWE-266 CVE-2024-8420: The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and
The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on sites.
nvd