Critical severity 9.8 · NVD Advisory · Published Feb 24, 2025 · Updated Apr 15, 2026
CVE-2024-56525
Description
In Public Knowledge Project (PKP) OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML document as a User XML Plugin.
Affected products (3)
- Range: <3.3.0.21 || >=3.4.0 <3.4.0.8
- Range: <3.3.0.21 || >=3.4.0 <3.4.0.8