CVE-2024-12470
Published: 07 January 2025
Description
The School Management System – SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register as. This makes it possible for unauthenticated attackers to register as an administrative user.
Security Summary
CVE-2024-12470 is a privilege escalation vulnerability in the School Management System – SakolaWP plugin for WordPress, affecting all versions up to and including 1.0.8. The issue arises because the plugin's registration function does not properly restrict the roles that users can select during signup, mapped to CWE-266 (Incorrect Privilege Assignment). It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility and high potential impact.
Unauthenticated attackers can exploit this vulnerability remotely without privileges or user interaction. By accessing the registration endpoint, they can choose an administrative role during signup, gaining immediate admin access to the WordPress site. This enables full control, including data exfiltration, modification, or deletion, as well as potential deployment of further malware.
Advisories from Wordfence and the plugin's WordPress.org listing provide further details on the issue. Mitigation requires updating to a version beyond 1.0.8, where the registration role restrictions have been addressed. Security practitioners should scan environments for the vulnerable plugin versions and apply updates promptly.
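As an added illustration (this is not SakolaWP's code; the function, form-field and role names used here are hypothetical), the following shows the pattern behind CWE-266 in a WordPress self-registration handler and its hardened counterpart: the vulnerable version copies the requested role straight into wp_insert_user(), while the hardened version lets the server decide which roles signup may produce, falls back to the least-privileged role, and logs requests for roles outside the allowlist so defenders can spot probing.

```php
<?php
// Added example, not the plugin's own code. Names such as demo_register_*,
// the 'role' form field and the 'sakolawp_student' / 'sakolawp_parent'
// role slugs are hypothetical. Requires the WordPress runtime (wp-load.php).

/**
 * Vulnerable pattern (CWE-266, Incorrect Privilege Assignment).
 * The role is taken from the request, so whatever value the client submits,
 * including 'administrator', becomes the new account's role.
 */
function demo_register_vulnerable( array $request ) {
    $userdata = array(
        'user_login' => sanitize_user( $request['username'] ?? '' ),
        'user_email' => sanitize_email( $request['email'] ?? '' ),
        'user_pass'  => $request['password'] ?? '',
        'role'       => $request['role'] ?? 'subscriber', // client-controlled
    );
    return wp_insert_user( $userdata );
}

/**
 * Roles that unauthenticated signup is allowed to produce. An allowlist is
 * preferred over a deny-list of 'administrator': any role not listed here,
 * including custom roles added later, is rejected by default.
 */
const DEMO_SELF_REGISTER_ROLES = array( 'sakolawp_student', 'sakolawp_parent' );

/**
 * Hardened pattern. The server owns the role decision:
 *  - the form submission must carry a valid nonce;
 *  - the requested role is normalised and checked against the allowlist;
 *  - anything else falls back to 'subscriber' and is logged for detection.
 */
function demo_register_hardened( array $request ) {
    if ( ! wp_verify_nonce( $request['_wpnonce'] ?? '', 'demo_register' ) ) {
        return new WP_Error( 'bad_nonce', 'Invalid form submission.' );
    }

    $requested = sanitize_key( $request['role'] ?? '' );
    if ( in_array( $requested, DEMO_SELF_REGISTER_ROLES, true ) ) {
        $role = $requested;
    } else {
        // Unexpected role values are a useful detection signal: a normal form
        // never sends them, so record the attempt and downgrade the account.
        if ( '' !== $requested ) {
            error_log( sprintf(
                'demo_register: rejected self-registration role "%s" from %s',
                $requested,
                sanitize_text_field( $_SERVER['REMOTE_ADDR'] ?? 'unknown' )
            ) );
        }
        $role = 'subscriber';
    }

    $userdata = array(
        'user_login' => sanitize_user( $request['username'] ?? '' ),
        'user_email' => sanitize_email( $request['email'] ?? '' ),
        'user_pass'  => $request['password'] ?? '',
        'role'       => $role, // server-chosen, never 'administrator'
    );

    $user_id = wp_insert_user( $userdata );
    if ( is_wp_error( $user_id ) ) {
        return $user_id;
    }
    return $user_id;
}
```

Reviewing a plugin for this class of bug comes down to the question the hardened version answers explicitly: does any value that reaches the 'role' key of wp_insert_user(), or any later call to WP_User::set_role() or add_role(), originate from the request rather than from server-side configuration? If it does, the fix is an allowlist of the roles that self-registration is meant to create, not a check for the single string 'administrator'.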
Details
- CWE(s)