CVE-2024-49217

Incorrect Privilege Assignment vulnerability in madiriaashish Adding drop down roles in registration user-drop-down-roles-in-registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through <= 1.1.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://patchstack.com/database/Wordpress/Plugin/user-drop-down-roles-in-registration/vulnerability/wordpress-adding-drop-down-roles-in-registration-plugin-1-1-privilege-escalation-vulnerability?_s_id=cve

Configurations

Configuration 1 (hide)

cpe:2.3:a:madirisalmanaashish:adding_drop_down_roles_in_registration:*:*:*:*:*:wordpress:*:*

History

01 Apr 2026, 16:18

Type	Values Removed	Values Added
References	{'url': 'https://patchstack.com/database/vulnerability/user-drop-down-roles-in-registration/wordpress-adding-drop-down-roles-in-registration-plugin-1-1-privilege-escalation-vulnerability?_s_id=cve', 'tags': ['Third Party Advisory'], 'source': 'audit@patchstack.com'}	() https://patchstack.com/database/Wordpress/Plugin/user-drop-down-roles-in-registration/vulnerability/wordpress-adding-drop-down-roles-in-registration-plugin-1-1-privilege-escalation-vulnerability?_s_id=cve -
Summary	(en) Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through 1.1.	(en) Incorrect Privilege Assignment vulnerability in madiriaashish Adding drop down roles in registration user-drop-down-roles-in-registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through <= 1.1.

06 Nov 2024, 20:53

Type	Values Removed	Values Added
CWE		NVD-CWE-Other
References	~~() https://patchstack.com/database/vulnerability/user-drop-down-roles-in-registration/wordpress-adding-drop-down-roles-in-registration-plugin-1-1-privilege-escalation-vulnerability?_s_id=cve -~~	() https://patchstack.com/database/vulnerability/user-drop-down-roles-in-registration/wordpress-adding-drop-down-roles-in-registration-plugin-1-1-privilege-escalation-vulnerability?_s_id=cve - Third Party Advisory
CPE		cpe:2.3:a:madirisalmanaashish:adding_drop_down_roles_in_registration::::::wordpress::*
First Time		Madirisalmanaashish Madirisalmanaashish adding Drop Down Roles In Registration

18 Oct 2024, 12:52

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de asignación incorrecta de privilegios en Madiri Salman Aashish. Agregar roles desplegables en el registro permite la escalada de privilegios. Este problema afecta a Agregar roles desplegables en el registro: desde n/a hasta 1.1.

17 Oct 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-17 18:15

Updated : 2026-04-29 10:16

NVD link : CVE-2024-49217

Mitre link : CVE-2024-49217

CVE.ORG link : CVE-2024-49217

JSON object : View

Products Affected

madirisalmanaashish

adding_drop_down_roles_in_registration

CWE

CWE-266

Incorrect Privilege Assignment

NVD-CWE-Other

9.8 /10