WordPress Plugin Vulnerabilities

SalesKing < 1.6.30 - Unauthenticated Privilege Escalation

Description

The plugin is vulnerable to privilege escalation. This allows unauthenticated attackers to create arbitrary malicious administrator accounts.

Affects Plugins

Plugin icon
salesking
Fixed in 1.6.30

References

CVE
CVE-2024-22157
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/52198053-206c-4002-8e26-dd5b4850e151

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
f64f124e-f2a0-48d0-884e-b291cede45c0

Timeline

Publicly Published
2024-01-16 (about 2 years ago)
Added
2024-01-24 (about 2 years ago)
Last Updated
2024-01-24 (about 2 years ago)

Other

Published
Title
Published
2019-08-03
Title
ND Donations < 1.4 - Unauthenticated Options Change
Published
2025-05-12
Title
Frontend Dashboard 1.5.10 - 2.2.7 - Subscriber+ Account Takeover/Privilege Escalation via ajax_request Function
Published
2026-01-21
Title
Hydra Booking < 1.1.33 - Unauthenticated Privilege Escalation
Published
2019-07-31
Title
ND Shortcodes For Visual Composer < 6.0 - Unauthenticated WP Options Update
Published
2024-02-21
Title
Academy LMS – eLearning and online course solution for WordPress < 1.9.20 - Authenticated (Subscriber+) Privilege Escalation