3 matches found
CVE-2024-4611 AppPresser <= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass
The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decryptvalue' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the sit...
CVE-2024-4611
CVE-2024-4611 – AppPresser (WordPress plugin) affects versions up to 4.3.2. The root cause is improper missing encryption exception handling in the functions decrypt_value and doCookieAuth, which can allow an unauthenticated attacker to log in as any existing user (e.g., admin) if the openssl PHP...
WordPress AppPresser Plugin <= 4.3.2 is vulnerable to Broken Authentication
Software AppPresser Type Plugin Vulnerable versions = 4.3.2 Fixed in 4.4.0 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2024-4611 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 99a815b5c3c8 Credits István Márton Required privilege...