3 matches found
CVE-2024-10285
CVE-2024-10285 describes a sensitive information disclosure in the CE21 Suite WordPress plugin (versions up to 2.2.0). The flaw allows unauthenticated attackers to access the user account tied to a valid JWT token by exploiting the plugin-log.txt, per the initial description. Public references al...
CVE-2024-10284
CVE-2024-10284 concerns the CE21 Suite plugin for WordPress. Connected sources confirm an authentication bypass in versions up to 2.2.0 caused by a hardcoded encryption key in the ce21_authentication_phrase function, enabling unauthenticated login as existing users if email access is obtained. Th...
CVE-2024-10294
CVE-2024-10294 affects the WordPress CE21 Suite plugin. The root cause is a missing capability check in ce21_single_sign_on_save_api_settings, allowing unauthenticated attackers to modify plugin settings in versions up to 2.2.0. The impact is unauthorized modification of data/settings. Wordfence ...