← Back

Dhvc Form

dhvc_form

Vendor: Sitesao • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-8420
1Sitesao
1Dhvc Form
Mar 6, 2025
Feb 28, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it p...Show more
The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on sites.Show less