CVE-2024-53810: WordPress Simple User Registration plugin <= 5.5 - Broken Access Control on User Deletion vulnerability

9.1 CVSS

Description

Missing Authorization vulnerability in Najeeb Ahmad Simple User Registration allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Simple User Registration: from n/a through 5.5.

Classification

CVE ID: CVE-2024-53810

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.1

Affected Products

Vendor: Najeeb Ahmad

Product: Simple User Registration

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://patchstack.com/database/wordpress/plugin/wp-registration/vulnerability/wordpress-simple-user-registration-plugin-5-5-broken-access-control-on-user-deletion-vulnerability?_s_id=cve

Timeline

2024-12-07 00:31:26 UTC
CVE

WordPress Simple User Registration plugin <= 5.5 - Broken Access Control on User Deletion vulnerability