3 matches found
CVE-2024-9989
CVE-2024-9989 affects the Crypto WordPress plugin up to version 2.15. The vulnerability arises from an overly permissive call in crypto_connect_ajax_process::log_in within crypto_connect_ajax_process, allowing unauthenticated attackers to bypass authentication and log in as any existing user (e.g...
CVE-2024-9988
CVE-2024-9988 (WordPress Crypto plugin) enables authentication bypass via crypto_connect_ajax_process::register, allowing unauthenticated login as existing users (e.g., admin). Publicly documented by Wordfence/Red Hat; patched in a later release (2.19) after disclosure; updates to 2.19+ are recom...
CVE-2024-9990
CVE-2024-9990 describes a CSRF-to-authentication-bypass vulnerability in the WordPress Crypto plugin (versions