Overview
- Description: The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
- Source: security@wordfence.com
- NVD status: Analyzed
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 8.1
- Impact score: 5.9
- Exploitability score: 2.2
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
Weaknesses
- nvd@nist.gov: NVD-CWE-noinfo
- security@wordfence.com: CWE-287
Social media
- Hype score: Not currently trending
🚨 CVE-2024-10097 (Published: 2024-11-05) - A high-severity vulnerability affecting Wordfence. Ensure your WordPress installations are updated to the latest versions to mitigate risks. Check out the full details and remediation steps here: https://t.co/yevZKUF6Uj #WordPress… http
@transilienceai
7 Nov 2024
🚨 CVE-2024-10097 (Published: 2024-11-05) - A high-severity vulnerability affecting Wordfence. Ensure your WordPress site is updated to the latest version to mitigate risks. Check out the details and remediation steps here: https://t.co/yevZKUF6Uj #WordPress #Security
@transilienceai
7 Nov 2024
🚨 CVE-2024-10097 (Published: 2024-11-05) - Critical vulnerability in Softaculous. Affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. For more details, check the changeset: https://t.co/RJr6syLE3q #CyberSecurity… https://t.co
@transilienceai
7 Nov 2024
🚨 CVE-2024-10097 (Published: 2024-11-05) - A critical vulnerability in Loginizer affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. For more details and remediation steps, visit: https://t.co/Dyri2LsT1X #CyberSecurity… https
@transilienceai
7 Nov 2024
CVE-2024-10097 The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This is due to insuffi… https://t.co/hC2U6xrMtv
@CVEnew
5 Nov 2024
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:loginizer:loginizer:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85146512-2678-4E8F-A81A-53FD2F5B7994",
            "versionEndExcluding": "1.9.3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]