Lucene search
K

4 matches found

Cvelist
Cvelist
added 2024/10/25 5:35 a.m.24 views

CVE-2024-9488 Comments – wpDiscuz <= 7.6.24 - Authentication Bypass via WordPress.com OAuth provider

The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any...

9.8CVSS0.0081EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/10/25 5:35 a.m.18 views

CVE-2024-9488 Comments – wpDiscuz <= 7.6.24 - Authentication Bypass via WordPress.com OAuth provider

The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any...

9.8CVSS9.7AI score0.0081EPSS
Exploits0References3
CVE
CVE
added 2024/10/25 5:35 a.m.77 views

CVE-2024-9488

CVE-2024-9488 concerns the WordPress plugin Comments – wpDiscuz (versions ≤ 7.6.24). The flaw is an authentication bypass caused by insufficient verification of the user returned by the social login token, enabling unauthenticated attackers to log in as any existing user (including administrators...

9.8CVSS9.7AI score0.0081EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/24 12:0 a.m.20 views

WordPress wpDiscuz Plugin <= 7.6.24 is vulnerable to Broken Authentication

Software wpDiscuz Type Plugin Vulnerable versions = 7.6.24 Fixed in 7.6.25 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9488 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID c3cf059c4b56 Credits wesley wcraf...

9.8CVSS6.5AI score0.0081EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder