CVE-2025-1638
Title (ES)
CVE-2025-1638
Sat, 01/03/2025 – 08:15
Type
CWE-288
Severity 2.0 (text)
Pending analysis
Title (EN)
CVE-2025-1638
Description (EN)
The Alloggio Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity through the alloggio_membership_init_rest_api_facebook_login and alloggio_membership_init_rest_api_google_login functions. This makes it possible for unauthenticated attackers to log in as any user, including administrators, without knowing a password.
01/03/2025
01/03/2025
CVSS 3.1 vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity 3.1 (CVSS 3.1 Base Score)
9.80
Severity 3.1 (text)
CRITICAL
References
https://themeforest.net/item/alloggio-hotel-booking-theme/26775539
https://www.wordfence.com/threat-intel/vulnerabilities/id/60405e54-e869-4623-892c-0821014f887b?source=cve