cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-9215,https://securityvulnerability.io/vulnerability/CVE-2024-9215,Authors Plugin Vulnerable to Privilege Escalation/Account Takeover,"The PublishPress Authors plugin for WordPress contains a vulnerability that permits authenticated users with Author-level access to exploit an insecure direct object reference. This flaw arises because the system fails to validate the 'authors-user_id' parameter in the action_edited_author() function. As a result, attackers can modify the email addresses of any user account, including those of administrators, which can lead to unauthorized password resets and complete account takeovers. This vulnerability affects all versions of the plugin up to and including 4.7.1.",Wordpress,"Co-authors, Multiple Authors And Guest Authors In An Author Box With PublisHPress Authors",8.8,HIGH,0.0005600000149570405,false,,false,false,false,,,false,false,,2024-10-17T02:06:04.689Z,0