Common Weakness Enumeration

CWE-288

Allowed

Authentication Bypass Using an Alternate Path or Channel

Abstraction: Base · Status: Incomplete

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

1073 vulnerabilities reference this CWE, most recent first.

CVE-2024-12225 (GCVE-0-2024-12225)

Vulnerability from cvelistv5 – Published: 2025-05-06 19:49 – Updated: 2025-11-20 07:12
VLAI
Title
Io.quarkus:quarkus-security-webauthn: quarkus webauthn unexpected authentication bypass
Summary
A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default endpoints remain accessible, potentially allowing attackers to obtain a login cookie that has no corresponding user in the Quarkus application or, depending on how the application is written, could correspond to an existing user that has no relation with the current attacker, allowing anyone to log in as an existing user by just knowing that user's user name.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
URL Tags
https://access.redhat.com/security/cve/CVE-2024-12225 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2330484 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Affected: 0 , < 3.15.3.1 (semver)
Red Hat Red Hat build of Quarkus     cpe:/a:redhat:quarkus:3
Create a notification for this product.
Date Public
2025-02-28 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12225",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T18:33:57.733749Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-08T18:34:11.164Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/quarkusio/quarkus",
          "defaultStatus": "unaffected",
          "packageName": "quarkus",
          "versions": [
            {
              "lessThan": "3.15.3.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:quarkus:3"
          ],
          "defaultStatus": "unaffected",
          "packageName": "io.quarkus:quarkus-security-webauthn",
          "product": "Red Hat build of Quarkus",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-02-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default endpoints remain accessible, potentially allowing attackers to obtain a login cookie that has no corresponding user in the Quarkus application or, depending on how the application is written, could correspond to an existing user that has no relation with the current attacker, allowing anyone to log in as an existing user by just knowing that user\u0027s user name."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T07:12:24.461Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-12225"
        },
        {
          "name": "RHBZ#2330484",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330484"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-12-05T00:18:42.885Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-02-28T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Io.quarkus:quarkus-security-webauthn: quarkus webauthn unexpected authentication bypass",
      "workarounds": [
        {
          "lang": "en",
          "value": "It is possible to mitigate this issue by disabling the default endpoints after creating a custom one. For example with the call for:\n\n\nimport io.vertx.ext.web.Router;\n\nimport jakarta.enterprise.event.Observes;\n\npublic class Startup {\n    public void init(@Observes Router router) {\n      System.err.println(\"Securing WebAuthn default controller\");\n      router.post(\"/q/webauthn/callback\").order(0).handler(rc -\u003e rc.fail(404));\n    }\n}"
        }
      ],
      "x_redhatCweChain": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-12225",
    "datePublished": "2025-05-06T19:49:16.502Z",
    "dateReserved": "2024-12-05T03:01:11.272Z",
    "dateUpdated": "2025-11-20T07:12:24.461Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-11981 (GCVE-0-2024-11981)

Vulnerability from cvelistv5 – Published: 2024-11-29 06:21 – Updated: 2024-11-29 14:31
VLAI
Title
Billion Electric router - Authentication Bypass
Summary
Certain models of routers from Billion Electric has an Authentication Bypass vulnerability, allowing unautheticated attackers to retrive contents of arbitrary web pages.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
Vendor Product Version
Billion Electric M100 Affected: 1.04.1.592.* , < 1.04.1.592.8 (custom)
Affected: 1.04.1.613.* , < 1.04.1.613.13 (custom)
Affected: 1.04.1.* , < 1.04.1.675 (custom)
Create a notification for this product.
Billion Electric M150 Affected: 1.04.1.592.* , < 1.04.1.592.8 (custom)
Affected: 1.04.1.613.* , < 1.04.1.613.13 (custom)
Affected: 1.04.1.* , < 1.04.1.675 (custom)
Create a notification for this product.
Billion Electric M120N Affected: 1.04.1.592.* , < 1.04.1.592.8 (custom)
Affected: 1.04.1.613.* , < 1.04.1.613.13 (custom)
Affected: 1.04.1.* , < 1.04.1.675 (custom)
Create a notification for this product.
Billion Electric M500 Affected: 1.04.1.592.* , < 1.04.1.592.8 (custom)
Affected: 1.04.1.613.* , < 1.04.1.613.13 (custom)
Affected: 1.04.1.* , < 1.04.1.675 (custom)
Create a notification for this product.
billion_electric m100 Affected: 1.04.1.592.* , < 1.04.1.592.8 (custom)
Affected: 1.04.1.613.* , < 1.04.1.613.13 (custom)
Affected: 1.04.1.* < , < 1.04.1.675 (custom)
    cpe:2.3:a:billion_electric:m100:*:*:*:*:*:*:*:*
Create a notification for this product.
billion_electric m150 Affected: 1.04.1.592.* , < 1.04.1.592.8 (custom)
Affected: 1.04.1.613.* , < 1.04.1.613.13 (custom)
Affected: 1.04.1.* < , < 1.04.1.675 (custom)
    cpe:2.3:a:billion_electric:m150:*:*:*:*:*:*:*:*
Create a notification for this product.
billion_electric m120n Affected: 1.04.1.592.* , < 1.04.1.592.8 (custom)
Affected: 1.04.1.613.* , < 1.04.1.613.13 (custom)
Affected: 1.04.1.* < , < 1.04.1.675 (custom)
    cpe:2.3:a:billion_electric:m120n:*:*:*:*:*:*:*:*
Create a notification for this product.
billion_electric m500 Affected: 1.04.1.592.* , < 1.04.1.592.8 (custom)
Affected: 1.04.1.613.* , < 1.04.1.613.13 (custom)
Affected: 1.04.1.* < , < 1.04.1.675 (custom)
    cpe:2.3:a:billion_electric:m500:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-11-29 06:16
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:billion_electric:m100:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "m100",
            "vendor": "billion_electric",
            "versions": [
              {
                "lessThan": "1.04.1.592.8",
                "status": "affected",
                "version": "1.04.1.592.*",
                "versionType": "custom"
              },
              {
                "lessThan": "1.04.1.613.13",
                "status": "affected",
                "version": "1.04.1.613.*",
                "versionType": "custom"
              },
              {
                "lessThan": "1.04.1.675",
                "status": "affected",
                "version": "1.04.1.* \u003c",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:billion_electric:m150:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "m150",
            "vendor": "billion_electric",
            "versions": [
              {
                "lessThan": "1.04.1.592.8",
                "status": "affected",
                "version": "1.04.1.592.*",
                "versionType": "custom"
              },
              {
                "lessThan": "1.04.1.613.13",
                "status": "affected",
                "version": "1.04.1.613.*",
                "versionType": "custom"
              },
              {
                "lessThan": "1.04.1.675",
                "status": "affected",
                "version": "1.04.1.* \u003c",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:billion_electric:m120n:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "m120n",
            "vendor": "billion_electric",
            "versions": [
              {
                "lessThan": "1.04.1.592.8",
                "status": "affected",
                "version": "1.04.1.592.*",
                "versionType": "custom"
              },
              {
                "lessThan": "1.04.1.613.13",
                "status": "affected",
                "version": "1.04.1.613.*",
                "versionType": "custom"
              },
              {
                "lessThan": "1.04.1.675",
                "status": "affected",
                "version": "1.04.1.* \u003c",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:billion_electric:m500:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "m500",
            "vendor": "billion_electric",
            "versions": [
              {
                "lessThan": "1.04.1.592.8",
                "status": "affected",
                "version": "1.04.1.592.*",
                "versionType": "custom"
              },
              {
                "lessThan": "1.04.1.613.13",
                "status": "affected",
                "version": "1.04.1.613.*",
                "versionType": "custom"
              },
              {
                "lessThan": "1.04.1.675",
                "status": "affected",
                "version": "1.04.1.* \u003c",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11981",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T14:25:30.745734Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T14:31:52.528Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "M100",
          "vendor": "Billion Electric",
          "versions": [
            {
              "lessThan": "1.04.1.592.8",
              "status": "affected",
              "version": "1.04.1.592.*",
              "versionType": "custom"
            },
            {
              "lessThan": "1.04.1.613.13",
              "status": "affected",
              "version": "1.04.1.613.*",
              "versionType": "custom"
            },
            {
              "lessThan": "1.04.1.675",
              "status": "affected",
              "version": "1.04.1.*",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "M150",
          "vendor": "Billion Electric",
          "versions": [
            {
              "lessThan": "1.04.1.592.8",
              "status": "affected",
              "version": "1.04.1.592.*",
              "versionType": "custom"
            },
            {
              "lessThan": "1.04.1.613.13",
              "status": "affected",
              "version": "1.04.1.613.*",
              "versionType": "custom"
            },
            {
              "lessThan": "1.04.1.675",
              "status": "affected",
              "version": "1.04.1.*",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "M120N",
          "vendor": "Billion Electric",
          "versions": [
            {
              "lessThan": "1.04.1.592.8",
              "status": "affected",
              "version": "1.04.1.592.*",
              "versionType": "custom"
            },
            {
              "lessThan": "1.04.1.613.13",
              "status": "affected",
              "version": "1.04.1.613.*",
              "versionType": "custom"
            },
            {
              "lessThan": "1.04.1.675",
              "status": "affected",
              "version": "1.04.1.*",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "M500",
          "vendor": "Billion Electric",
          "versions": [
            {
              "lessThan": "1.04.1.592.8",
              "status": "affected",
              "version": "1.04.1.592.*",
              "versionType": "custom"
            },
            {
              "lessThan": "1.04.1.613.13",
              "status": "affected",
              "version": "1.04.1.613.*",
              "versionType": "custom"
            },
            {
              "lessThan": "1.04.1.675",
              "status": "affected",
              "version": "1.04.1.*",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-11-29T06:16:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCertain models of routers from Billion Electric has an Authentication Bypass vulnerability, allowing unautheticated attackers to retrive contents of arbitrary web pages.\u003c/span\u003e"
            }
          ],
          "value": "Certain models of routers from Billion Electric has an Authentication Bypass vulnerability, allowing unautheticated attackers to retrive contents of arbitrary web pages."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-29T06:29:10.735Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-8275-50f42-1.html"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/en/cp-139-8276-1defb-2.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.\u003cbr\u003eFor firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.\u003cbr\u003eFor all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.\u003cbr\u003e"
            }
          ],
          "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.\nFor firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.\nFor all other firmware version 1.04.1.x, please update to 1.04.1.675 or later."
        }
      ],
      "source": {
        "advisory": "TVN-202411026",
        "discovery": "EXTERNAL"
      },
      "title": "Billion Electric router - Authentication Bypass",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2024-11981",
    "datePublished": "2024-11-29T06:21:31.476Z",
    "dateReserved": "2024-11-29T01:52:19.267Z",
    "dateUpdated": "2024-11-29T14:31:52.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-11925 (GCVE-0-2024-11925)

Vulnerability from cvelistv5 – Published: 2024-11-28 07:14 – Updated: 2026-04-08 16:33
VLAI
Title
WP JobSearch <= 2.6.7 - Authentication Bypass to Account Takeover and Privilege Escalation
Summary
The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the user_account_activation function. This makes it possible for unauthenticated attackers to log in as any user, including site administrators if the users email is known.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
eyecix JobSearch WP Job Board Affected: 0 , ≤ 2.6.7 (semver)
Create a notification for this product.
eyecix jobsearch_wp_job_board Affected: 0 , ≤ 2.6.7 (semver)
    cpe:2.3:a:eyecix:jobsearch_wp_job_board:-:*:*:*:*:wordpress:*:*
Create a notification for this product.
Credits
Tonn
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:eyecix:jobsearch_wp_job_board:-:*:*:*:*:wordpress:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jobsearch_wp_job_board",
            "vendor": "eyecix",
            "versions": [
              {
                "lessThanOrEqual": "2.6.7",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11925",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T15:33:46.283379Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T15:35:07.980Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "JobSearch WP Job Board",
          "vendor": "eyecix",
          "versions": [
            {
              "lessThanOrEqual": "2.6.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tonn"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the user_account_activation function. This makes it possible for unauthenticated attackers to log in as any user, including site administrators if the users email is known."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:33:15.499Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/04bc8101-2676-4695-a498-f79be8221617?source=cve"
        },
        {
          "url": "https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-27T19:13:40.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "WP JobSearch \u003c= 2.6.7 - Authentication Bypass to Account Takeover and Privilege Escalation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-11925",
    "datePublished": "2024-11-28T07:14:07.539Z",
    "dateReserved": "2024-11-27T18:26:49.008Z",
    "dateUpdated": "2026-04-08T16:33:15.499Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-11639 (GCVE-0-2024-11639)

Vulnerability from cvelistv5 – Published: 2024-12-10 18:54 – Updated: 2024-12-14 04:55
VLAI
Summary
An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
Ivanti Cloud Services Application Unaffected: 5.0.3 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11639",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-14T04:55:11.739Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Cloud Services Application",
          "vendor": "Ivanti",
          "versions": [
            {
              "status": "unaffected",
              "version": "5.0.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
            }
          ],
          "value": "An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-10T18:54:43.368Z",
        "orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
        "shortName": "ivanti"
      },
      "references": [
        {
          "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
    "assignerShortName": "ivanti",
    "cveId": "CVE-2024-11639",
    "datePublished": "2024-12-10T18:54:43.368Z",
    "dateReserved": "2024-11-22T18:45:24.957Z",
    "dateUpdated": "2024-12-14T04:55:11.739Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-11349 (GCVE-0-2024-11349)

Vulnerability from cvelistv5 – Published: 2024-12-21 04:22 – Updated: 2026-04-08 17:32
VLAI
Title
AdForest <= 5.1.6 - Authentication Bypass
Summary
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sb_login_user_with_otp_fun() function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
scriptsbundle AdForest Affected: 0 , ≤ 5.1.6 (semver)
Create a notification for this product.
Credits
Tonn
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11349",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-23T16:43:21.405263Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-28T00:51:22.860Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AdForest",
          "vendor": "scriptsbundle",
          "versions": [
            {
              "lessThanOrEqual": "5.1.6",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tonn"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user\u0027s identity prior to authenticating them through the sb_login_user_with_otp_fun() function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:32:53.748Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f374b3d1-820b-473f-8d2b-c3267e6d23d9?source=cve"
        },
        {
          "url": "https://themeforest.net/item/adforest-classified-wordpress-theme/19481695"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-12-20T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "AdForest \u003c= 5.1.6 - Authentication Bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-11349",
    "datePublished": "2024-12-21T04:22:17.791Z",
    "dateReserved": "2024-11-18T16:47:22.199Z",
    "dateUpdated": "2026-04-08T17:32:53.748Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-11286 (GCVE-0-2024-11286)

Vulnerability from cvelistv5 – Published: 2025-03-14 04:22 – Updated: 2026-04-08 17:09
VLAI
Title
WP JobHunt <= 7.1 - Authentication Bypass
Summary
The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the cs_parse_request() function. This makes it possible for unauthenticated attackers to to log in to any user's account, including administrators.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
n/a WP JobHunt Affected: 0 , ≤ 7.1 (semver)
Credits
Tonn
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11286",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-14T13:56:57.868391Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-14T13:57:05.975Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WP JobHunt",
          "vendor": "n/a",
          "versions": [
            {
              "lessThanOrEqual": "7.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tonn"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user\u0027s identity prior to authenticating them through the cs_parse_request() function. This makes it possible for unauthenticated attackers to to log in to any user\u0027s account, including administrators."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:09:16.059Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/91754c4d-a0d0-4d35-a70a-446d2bdf6c73?source=cve"
        },
        {
          "url": "https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-13T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "WP JobHunt \u003c= 7.1 - Authentication Bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-11286",
    "datePublished": "2025-03-14T04:22:33.776Z",
    "dateReserved": "2024-11-15T20:12:45.530Z",
    "dateUpdated": "2026-04-08T17:09:16.059Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-11178 (GCVE-0-2024-11178)

Vulnerability from cvelistv5 – Published: 2024-12-06 06:48 – Updated: 2026-04-08 17:25
VLAI
Title
Login With OTP <= 1.4.2 - Authentication Bypass via Weak OTP
Summary
The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak OTP, and there’s no attempt or time limit. This makes it possible for unauthenticated attackers to generate and brute force the 6-digit numeric OTP that makes it possible to log in as any existing user on the site, such as an administrator, if they have access to the email.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
india-web-developer Login with OTP Affected: 0 , ≤ 1.4.2 (semver)
Create a notification for this product.
wordpress login_with_otp_plugin Affected: 0 , ≤ 1.4.2 (semver)
    cpe:2.3:a:wordpress:login_with_otp_plugin:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
István Márton
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:wordpress:login_with_otp_plugin:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "login_with_otp_plugin",
            "vendor": "wordpress",
            "versions": [
              {
                "lessThanOrEqual": "1.4.2",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11178",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-09T14:49:37.098541Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-09T14:51:36.034Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Login with OTP",
          "vendor": "india-web-developer",
          "versions": [
            {
              "lessThanOrEqual": "1.4.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Istv\u00e1n M\u00e1rton"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak OTP, and there\u2019s no attempt or time limit. This makes it possible for unauthenticated attackers to generate and brute force the 6-digit numeric OTP that makes it possible to log in as any existing user on the site, such as an administrator, if they have access to the email."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:25:37.006Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d3775d48-5985-475e-8fb9-c4c5fd044772?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/otp-login/tags/1.4.2/lib/otpl-class.php#L293"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/otp-login/tags/1.4.2/lib/otpl-class.php#L317"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3216953/otp-login#file18"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-13T00:00:00.000Z",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2024-12-05T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Login With OTP \u003c= 1.4.2 - Authentication Bypass via Weak OTP"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-11178",
    "datePublished": "2024-12-06T06:48:22.861Z",
    "dateReserved": "2024-11-13T13:33:17.977Z",
    "dateUpdated": "2026-04-08T17:25:37.006Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-11028 (GCVE-0-2024-11028)

Vulnerability from cvelistv5 – Published: 2024-11-13 09:30 – Updated: 2026-04-08 17:28
VLAI
Title
MultiManager WP – Manage All Your WordPress Sites Easily <= 1.0.5 - Authentication Bypass via User Impersonation
Summary
The MultiManager WP – Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the user impersonation feature inappropriately determining the current user via user-supplied input. This makes it possible for unauthenticated attackers to generate an impersonation link that will allow them to log in as any existing user, such as an administrator. NOTE: The user impersonation feature was disabled in version 1.1.0 and re-enabled with a patch in version 1.1.2.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
icdsoft MultiManager WP – Manage All Your WordPress Sites Easily Affected: 0 , ≤ 1.0.5 (semver)
Create a notification for this product.
icdsoft multimanager_wp_manage_all_your_word_press_sites_easily Affected: 0 , ≤ 1.0.5 (semver)
    cpe:2.3:a:icdsoft:multimanager_wp_manage_all_your_word_press_sites_easily:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Khayal Farzaliyev
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:icdsoft:multimanager_wp_manage_all_your_word_press_sites_easily:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "multimanager_wp_manage_all_your_word_press_sites_easily",
            "vendor": "icdsoft",
            "versions": [
              {
                "lessThanOrEqual": "1.0.5",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11028",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T14:56:17.004134Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T14:59:40.159Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MultiManager WP \u2013 Manage All Your WordPress Sites Easily",
          "vendor": "icdsoft",
          "versions": [
            {
              "lessThanOrEqual": "1.0.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Khayal Farzaliyev"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The MultiManager WP \u2013 Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the user impersonation feature inappropriately determining the current user via user-supplied input. This makes it possible for unauthenticated attackers to generate an impersonation link that will allow them to log in as any existing user, such as an administrator. NOTE: The user impersonation feature was disabled in version 1.1.0 and re-enabled with a patch in version 1.1.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:28:21.159Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de8e7adc-3777-4fb1-a708-68da950e3d4f?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3184657/multimanager-wp"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3184678/multimanager-wp"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3184826/multimanager-wp"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-08T00:00:00.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2024-11-12T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "MultiManager WP \u2013 Manage All Your WordPress Sites Easily \u003c= 1.0.5 - Authentication Bypass via User Impersonation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-11028",
    "datePublished": "2024-11-13T09:30:26.145Z",
    "dateReserved": "2024-11-08T16:48:44.283Z",
    "dateUpdated": "2026-04-08T17:28:21.159Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-10961 (GCVE-0-2024-10961)

Vulnerability from cvelistv5 – Published: 2024-11-23 03:25 – Updated: 2026-04-08 16:49
VLAI
Title
Social Login <= 5.9.0 - Authentication Bypass via Disqus OAuth provider
Summary
The Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.9.0. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
claudeschlesser Social Login Affected: 0 , ≤ 5.9.0 (semver)
Create a notification for this product.
oneall_social_login oa-social-login Affected: 0 , ≤ 5.9.0 (semver)
    cpe:2.3:a:oneall_social_login:oa-social-login:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
wesley
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:oneall_social_login:oa-social-login:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "oa-social-login",
            "vendor": "oneall_social_login",
            "versions": [
              {
                "lessThanOrEqual": "5.9.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10961",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-26T17:06:01.396095Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T19:11:38.830Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Social Login",
          "vendor": "claudeschlesser",
          "versions": [
            {
              "lessThanOrEqual": "5.9.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "wesley"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.9.0. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:49:09.226Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/43a64074-ca64-4c34-b467-06d1ad8c5aa0?source=cve"
        },
        {
          "url": "https://wordpress.org/plugins/oa-social-login/"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3201046/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-22T15:08:42.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Social Login \u003c= 5.9.0 - Authentication Bypass via Disqus OAuth provider"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-10961",
    "datePublished": "2024-11-23T03:25:48.434Z",
    "dateReserved": "2024-11-07T01:14:13.615Z",
    "dateUpdated": "2026-04-08T16:49:09.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-10924 (GCVE-0-2024-10924)

Vulnerability from cvelistv5 – Published: 2024-11-15 03:18 – Updated: 2026-01-23 15:19
VLAI
Title
Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass
Summary
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Credits
István Márton
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:really-simple-plugins:really_simple_security:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "really_simple_security",
            "vendor": "really-simple-plugins",
            "versions": [
              {
                "lessThanOrEqual": "9.1.1.1",
                "status": "affected",
                "version": "9.0.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10924",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T17:56:32.562044Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:58:22.917Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-01-23T15:19:28.477Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://github.com/JoshuaProvoste/0-click-RCE-Exploit-for-CVE-2024-10924"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Really Simple Security Pro multisite",
          "vendor": "Really Simple Plugins",
          "versions": [
            {
              "lessThanOrEqual": "9.1.1.1",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Really Simple Security \u2013 Simple and Performant Security (formerly Really Simple SSL)",
          "vendor": "rogierlankhorst",
          "versions": [
            {
              "lessThanOrEqual": "9.1.1.1",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Really Simple Security Pro",
          "vendor": "Really Simple Plugins",
          "versions": [
            {
              "lessThanOrEqual": "9.1.1.1",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Istv\u00e1n M\u00e1rton"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the \u0027check_login_and_get_user\u0027 function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the \"Two-Factor Authentication\" setting is enabled (disabled by default)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-19T13:37:03.351Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7d5d05ad-1a7a-43d2-bbbf-597e975446be?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/really-simple-ssl/tags/9.1.1.1/security/wordpress/two-fa/class-rsssl-two-factor-on-board-api.php#L67"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/really-simple-ssl/tags/9.1.1.1/security/wordpress/two-fa/class-rsssl-two-factor-on-board-api.php#L277"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/really-simple-ssl/tags/9.1.1.1/security/wordpress/two-fa/class-rsssl-two-factor-on-board-api.php#L278"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3188431/really-simple-ssl"
        },
        {
          "url": "https://www.wordfence.com/blog/2024/11/really-simple-security-vulnerability/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-06T00:00:00.000Z",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2024-11-06T00:00:00.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2024-11-14T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-10924",
    "datePublished": "2024-11-15T03:18:45.746Z",
    "dateReserved": "2024-11-06T14:20:37.200Z",
    "dateUpdated": "2026-01-23T15:19:28.477Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design

Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.