4 matches found
CVE-2024-9488 Comments – wpDiscuz <= 7.6.24 - Authentication Bypass via WordPress.com OAuth provider
The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any...
CVE-2024-9488 Comments – wpDiscuz <= 7.6.24 - Authentication Bypass via WordPress.com OAuth provider
The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any...
CVE-2024-9488
CVE-2024-9488 concerns the WordPress plugin Comments – wpDiscuz (versions ≤ 7.6.24). The flaw is an authentication bypass caused by insufficient verification of the user returned by the social login token, enabling unauthenticated attackers to log in as any existing user (including administrators...
WordPress wpDiscuz Plugin <= 7.6.24 is vulnerable to Broken Authentication
Software wpDiscuz Type Plugin Vulnerable versions = 7.6.24 Fixed in 7.6.25 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9488 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID c3cf059c4b56 Credits wesley wcraf...