Overview
- Description: The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2.3.2. This is due to missing validation on the user being supplied in the 'verify_email' action. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator. The vulnerability is in the Account extension.
- Source: security@wordfence.com
- NVD status: Awaiting Analysis
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Weaknesses
- security@wordfence.com: CWE-288
Social media
- Hype score: Not currently trending
[CVE-2024-9930: CRITICAL] WordPress plugin Extensions by HocWP Team up to v0.2.3.2 is vulnerable to authentication bypass allowing unauthenticated attackers to log in as any user, like an admin. #CyberSecurity #cybersecurity, #vulnerability https://t.co/XpregoOpKD https://t.co/uc1x
@CveFindCom
26 Oct 2024
28 Impressions
CVE-2024-9930 The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2.3.2. This is due to missing validation on… https://t.co/jFTFmjczTd
@CVEnew
26 Oct 2024
527 Impressions