CVE-2024-8682

MEDIUM

JNews - WordPress Newspaper Magazine Blog AMP Theme <11.6.6 - Unaut...

Title source: llm

Description

The JNews - WordPress Newspaper Magazine Blog AMP Theme for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 11.6.6. This is due to the theme not properly validating whether the "user can register" option is enabled prior to creating a user through the register_handler() function. This makes it possible for unauthenticated attackers to register as a user even when user registration is disabled.

Exploits (1)

nomisec WORKING POC 2 stars
by 4minx · poc
https://github.com/4minx/CVE-2024-8682

Scores

CVSS v3 5.3
EPSS 0.0029
EPSS Percentile 51.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

CWE
CWE-862
Status draft

Timeline

Published Mar 05, 2025
Tracked Since Feb 18, 2026