CVE-2024-11024
Published: 26 November 2024
Summary
CVE-2024-11024 is a critical-severity Improper Handling of Missing Values (CWE-230) vulnerability in Apppresser Apppresser. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 39.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-33731
Vulnerability details
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user's password reset code prior…
more
to updating their password. This makes it possible for unauthenticated attackers, with knowledge of a user's email address, to reset the user's password and gain access to their account.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.