CVE-2024-3828

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-3828
The Spectra Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.5. This is due to the plugin allowing lower-privileged users to create registration forms and set the default role to administrator This makes it possible for authenticated attackers, with author-level access and above, to create administrator-level accounts.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://wpspectra.com/whats-new/
https://www.wordfence.com/threat-intel/vulnerabilities/id/e23e7d66-4b57-4feb-bf77-46238bc6ce7c?source=cve
https://wpspectra.com/whats-new/
https://www.wordfence.com/threat-intel/vulnerabilities/id/e23e7d66-4b57-4feb-bf77-46238bc6ce7c?source=cve
Configurations

No configuration.

History

08 Apr 2026, 19:21

Type Values Removed Values Added
CWE CWE-269

21 Nov 2024, 09:30

Type Values Removed Values Added
References () https://wpspectra.com/whats-new/ - () https://wpspectra.com/whats-new/ -
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/e23e7d66-4b57-4feb-bf77-46238bc6ce7c?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/e23e7d66-4b57-4feb-bf77-46238bc6ce7c?source=cve -
Summary
  • (es) El complemento Spectra Pro para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta la 1.1.5 incluida. Esto se debe a que el complemento permite a los usuarios con menos privilegios crear formularios de registro y establecer la función predeterminada de administrador. Esto hace posible que los atacantes autenticados, con acceso de nivel de autor y superior, creen cuentas de nivel de administrador.

14 May 2024, 15:42

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-14 15:42

Updated : 2026-06-17 07:45

NVD link : CVE-2024-3828

Mitre link : CVE-2024-3828

CVE.ORG link : CVE-2024-3828

JSON object : View

Products Affected

No product.

CWE
CWE-269

Improper Privilege Management