- Description
- The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak OTP, and there’s no attempt or time limit. This makes it possible for unauthenticated attackers to generate and brute force the 6-digit numeric OTP that makes it possible to log in as any existing user on the site, such as an administrator, if they have access to the email.
- Source
- security@wordfence.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@wordfence.com
- CWE-288
- Hype score
- Not currently trending
CVE-2024-11178 (CVSS:8.1, HIGH) is Awaiting Analysis. The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. ..https://t.co/Y3dJzN2to9 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
11 Dec 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11178 Authentication Bypass in WordPress OTP Plugin Allows Admin Access The Login With OTP plugin for WordPress has an authentication bypass vulnerability in versions up to 1.4.2. This happens because th... https://t.co/hxfvZgXvvt
@VulmonFeeds
6 Dec 2024
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11178 The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak … https://t.co/uJvZntrPiZ
@CVEnew
6 Dec 2024
279 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes