CVE-2024-11028

Published Nov 13, 2024

Last updated 4 days ago

Overview

Description
The MultiManager WP – Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the user impersonation feature inappropriately determining the current user via user-supplied input. This makes it possible for unauthenticated attackers to generate an impersonation link that will allow them to log in as any existing user, such as an administrator. NOTE: The user impersonation feature was disabled in version 1.1.0 and re-enabled with a patch in version 1.1.2.
Source: security@wordfence.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

security@wordfence.com: CWE-288

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. 🚨 CVE-2024-11028 (Published: 2024-11-13) - A high-severity vulnerability in WordPress MultiManager plugin affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. For more details, check the changeset: https://t.co/8uUOp6Ovpr… htt

    @transilienceai

    15 Nov 2024

    14 Impressions

  2. 🚨 CVE-2024-11028 (Published: 2024-11-13) - A high-severity vulnerability in WordPress MultiManager plugin. Affects multiple versions. 🛡️ Remediation: Update to the latest version as detailed here: https://t.co/8uUOp6Ovpr. Stay secure! #WordPress #CyberSecurity

    @transilienceai

    15 Nov 2024

    15 Impressions

  3. 🚨 CVE-2024-11028 (Published: 2024-11-13) - Critical vulnerability in ICDSoft affecting multiple versions. Ensure your WordPress Multimanager plugin is updated to the latest version to mitigate risks. Stay secure! 🔒 For more details, check: https://t.co/gwjZKvSi6F #CyberSecurity

    @transilienceai

    15 Nov 2024

    13 Impressions

  4. 🚨 CVE-2024-11028 (Published: 2024-11-13) - A critical vulnerability in ICDSoft affects multiple versions of MultiManager WP. Users are urged to update to the latest version immediately to mitigate risks. For more details, check the changeset: https://t.co/gwjZKvSi6F… https://t.c

    @transilienceai

    15 Nov 2024

    8 Impressions

  5. [CVE-2024-11028: CRITICAL] Cybersecurity Alert: MultiManager WP plugin for WordPress up to version 1.0.5 is prone to Authentication Bypass exploit. Impersonation feature fix in versions 1.1.0 and 1.1.2. Stay secure!#cybersecurity,#vulnerability https://t.co/i5790lCTnm https://t.c

    @CveFindCom

    13 Nov 2024

    41 Impressions
