Wp NssUser Register <= 1.0.0 is vulnerable to Privilege Escalation vulnerability

Unauthenticated

Published
2024-12-10

The Wp NssUser Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to register on the site as administrators.

CVE

https://www.cve.org/CVERecord?id=CVE-2024-54363

CVSS

Score:9.8

Severity:Critical

Version: 1.0.0

The plugin vendor has not patched this vulnerability at the moment.