2025-02-28 08:23:19
Wordfence
PUBLISHED
The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the role field when registering. This makes it possible for unauthenticated attackers to register as an administrator on sites.