SalesKing <= 1.6.15 is vulnerable to Unauthenticated Privilege Escalation vulnerability

Unauthenticated

Published
2024-01-15

The SalesKing plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.15. This allows unauthenticated attackers to create arbitrary malicious administrator accounts.

CVE

https://www.cve.org/CVERecord?id=CVE-2024-22157

CVSS

Score:9.8

Severity:Critical

Version: 1.6.15

There is a patch available in v1.6.30 and we strongly recommend you update to this version as soon as possible.