🔐 CVE Alert

CVE-2024-3828

HIGH 8.8

Spectra Pro <= 1.1.5 - Authenticated (Author+) Privilege Escalation

CVSS Score: 8.8
EPSS Score: 0.0%
EPSS Percentile: 0th

The Spectra Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.5. This is due to the plugin allowing lower-privileged users to create registration forms and set the default role to administrator. This makes it possible for authenticated attackers, with author-level access and above, to create administrator-level accounts.

CWE: CWE-269
Vendor: brainstorm force
Product: spectra pro
Published: May 10, 2024
Last Updated: Apr 8, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Affected Versions

Brainstorm Force / Spectra Pro
0 ≤ 1.1.5

References

wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/e23e7d66-4b57-4feb-bf77-46238bc6ce7c?source=cve
wpspectra.com: https://wpspectra.com/whats-new/

Credits

Ngô Thiên An