Critical severity9.8NVD Advisory· Published Feb 28, 2025· Updated Jun 17, 2026
CVE-2024-8420
CVE-2024-8420
Description
The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on sites.
Affected products
3- SiteSao/DHVC Formv5Range: 0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.