What the vulnerability does
01Description
Incorrect Privilege Assignment vulnerability in N-Media Simple User Registration wp-registration allows Privilege Escalation.This issue affects Simple User Registration: from n/a through <= 6.8.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Incorrect Privilege Assignment vulnerability in N-Media Simple User Registration wp-registration allows Privilege Escalation.This issue affects Simple User Registration: from n/a through <= 6.8.
Explanation of Vulnerability in Simple Terms
Simple User Registration versions 6.8 and earlier contain an improper privilege escalation vulnerability. An authenticated user with low privileges can read, modify, or delete sensitive data and disrupt site functionality. The vulnerability requires only network access and no user interaction. Sites running affected versions should update immediately.
What an attacker can do
Read, modify, or delete sensitive data; disrupt site availability.
Potential impact on your site
User accounts and site data are at risk; attackers with basic access can escalate to admin-level actions.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.
Key dates
External resources