CVE-2024-9893

16 Oct 2024

Título es

CVE-2024-9893

Mié, 16/10/2024 – 14:15

Tipo

CWE-288

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-9893

Descripción en

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.

16/10/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

9.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

CRITICAL

Referencias

Nextend Social Login

Nextend Social Login and Register

https://www.wordfence.com/threat-intel/vulnerabilities/id/0e4588d1-f21e-48ba-a8cb-d18c421f000a?source=cve

Enviar en el boletín

Off

CVE-2024-9893

CVE-2024-9893

Jose Alexis Correa Valencia