CVE-2024-2172: CWE-304 Missing Critical Step in Authentication in cyberlord92 Web Application Firewall – website security
Description
The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init() function in all versions up to, and including, 4.7.2 (for Malware Scanner) and 2.1.1 (for Web Application Firewall). This makes it possible for unauthenticated attackers to escalate their privileges to that of an administrator.
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2024-03-04T18:27:27.719Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6da9b7ef31ef0b58a46e
Added to database: 2/25/2026, 9:46:17 PM
Last updated: 2/26/2026, 1:03:04 AM