Lucene search

K
vulnrichmentPatchstackVULNRICHMENT:CVE-2024-49604
HistoryOct 20, 2024 - 7:56 a.m.

CVE-2024-49604 WordPress Simple User Registration plugin <= 5.5 - Account Takeover vulnerability

2024-10-2007:56:32
CWE-288
Patchstack
github.com
2
cve-2024
wordpress
user registration
account takeover
authentication bypass

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

39.9%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple User Registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through 5.5.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:najeeb_ahmad:simple_user_registration:*:*:*:*:*:*:*:*"
    ],
    "vendor": "najeeb_ahmad",
    "product": "simple_user_registration",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "5.5"
      }
    ],
    "defaultStatus": "unknown"
  }
]

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

39.9%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

Related for VULNRICHMENT:CVE-2024-49604