CVE-2021-24289

Summary

There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin.

Affected Software

VendorProductVersion RangeStatus
Store Locator PlusStore Locator Plus for WordPress5.5.14 <= 5.5.14affected

Weaknesses

  • CWE-269: CWE-269 Improper Privilege Management

ADP Enrichment

CVE Program Container

Additional References

References