Overview
- Description: The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
- Source: security@wordfence.com
- NVD status: Analyzed
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Weaknesses
- nvd@nist.gov: NVD-CWE-Other
- security@wordfence.com: CWE-288
Social media
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 1
A security vulnerability (CVE-2024-9488) has been discovered in the WordPress “wpDiscuz” plugin. #ETX #certaz #cybersecurity #kibertəhlükəsizlik https://t.co/DKNM362KQ6
@CERTAzerbaijan
16 Nov 2024
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
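<Security News> WordPress plugin "Comments – wpDiscuz" (versions 7.6.24 and earlier). Vulnerability: CVE-2024-9488. Description: risk of an attacker logging in as a legitimate user. Mitigation: update to the latest version. Details: https://t.co/kS6oPrAuKp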
@ColorfulBoxJp
29 Oct 2024
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2024-9488 (CVSS: 9.8) : Authentication Bypass Flaw in wpDiscuz Plugin ⚠️The vulnerability stems from insufficient verification of user identities during social login processes. Attackers who can obtain a user’s email address and exploit this weakness can potentially gain…
@zoomeye_team
28 Oct 2024
377 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
1 Quote
CVE-2024-9488: Serious authentication bypass vulnerability in the WordPress plugin "wpDiscuz", a hugely popular comment-enhancement plugin used on more than 80,000 websites https://t.co/fAhKftcp7S via @nikkeimatome
@nikkeimatome
27 Oct 2024
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A critical vulnerability, CVE-2024-9488, has been identified in the "wpDiscuz" plugin affecting over 80,000 WordPress sites. This flaw allows attackers to bypass authentication and gain admin control. ⚠️ Site admins should urgently update to version 7.6.25. https://t.co/48rE
@Ransom_DB
27 Oct 2024
63 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-9488 (CVSS 9.8): Authentication Bypass Flaw in wpDiscuz Plugin, Over 80,000 Sites at Risk https://t.co/Q9E3xZAfwm
@telcofraudza
27 Oct 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-9488 CVSS 9.8 (Critical) A vulnerability in all versions of the #WPDiscuz plugin places over 80,000 WordPress sites at significant risk. ➡️ Authentication bypass flaw allowing unauthorized access. 🔗Technical analysis: https://t.co/uAt8NtB0Vf #Infosec #CVE #Tech
@Mawg0ud
27 Oct 2024
116 Impressions
0 Retweets
5 Likes
1 Bookmark
0 Replies
0 Quotes
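A vulnerability with a CVSS score of 9.8 has been fixed in wpDiscuz, a WordPress plugin installed on more than 80,000 sites. CVE-2024-9488 lets an unauthenticated attacker take over accounts, including administrators' accounts. It stems from social login, and the condition is that the attacker knows the email address of the account being taken over.… https://t.co/mUwepuoNzC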
@__kokumoto
27 Oct 2024
3026 Impressions
16 Retweets
49 Likes
14 Bookmarks
0 Replies
0 Quotes
CVE-2024-9488 (CVSS 9.8): Authentication Bypass Flaw in wpDiscuz Plugin, Over 80,000 Sites at Risk https://t.co/rK4DnL0HOz
@Dinosn
27 Oct 2024
3785 Impressions
16 Retweets
46 Likes
9 Bookmarks
1 Reply
0 Quotes
CVE-2024-9488 (CVSS 9.8): Authentication Bypass Flaw in wpDiscuz Plugin, Over 80,000 Sites at Risk Critical vulnerability in wpDiscuz plugin (CVE-2024-9488). Learn how unauthenticated attackers can hijack user accounts in #WordPress. https://t.co/y18N0QZSDa
@the_yellow_fall
27 Oct 2024
274 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🗣 CVE-2024-9488 (CVSS 9.8): Authentication Bypass Flaw in wpDiscuz Plugin, Over 80,000 Sites at Risk https://t.co/x6n9rsM3hM
@fridaysecurity
27 Oct 2024
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-9488: CRITICAL] Critical vulnerability in wpDiscuz plugin for WordPress allows unauthenticated attackers to bypass authentication and log in as any existing user on the site. Update to version 7.6.25 imm...#cybersecurity,#vulnerability https://t.co/E1KymXr0JZ https://t.
@CveFindCom
25 Oct 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-9488 The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verificati… https://t.co/Z89TQiymWW
@CVEnew
25 Oct 2024
274 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "010A4D23-EB81-4895-925B-9C98ED0E79C8",
            "versionEndExcluding": "7.6.25"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]