Overview
- Description
- The Wux Blog Editor plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.0. This is due to missing validation on the token being supplied during the autologin through the plugin. This makes it possible for unauthenticated attackers to log in to the first administrator user.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- security@wordfence.com
- CWE-288
Social media
- Hype score
- Not currently trending
[CVE-2024-9931: CRITICAL] WordPress plugin vulnerability alert: Wux Blog Editor plugin up to version 3.0.0 is prone to authentication bypass, allowing unauthorized access to the first admin user. #cybersecurity#cybersecurity,#vulnerability https://t.co/u0j16g8hNW https://t.co/2Eg
@CveFindCom
26 Oct 2024
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-9931 The Wux Blog Editor plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.0. This is due to missing validation on the token … https://t.co/VHYdNZm1tU
@CVEnew
26 Oct 2024
683 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
1 Quote