Common Weakness Enumeration

CWE-288

Allowed

Authentication Bypass Using an Alternate Path or Channel

Abstraction: Base · Status: Incomplete

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

1072 vulnerabilities reference this CWE, most recent first.

CVE-2024-11981 (GCVE-0-2024-11981)

Vulnerability from cvelistv5 – Published: 2024-11-29 06:21 – Updated: 2024-11-29 14:31
VLAI
Title
Billion Electric router - Authentication Bypass
Summary
Certain models of routers from Billion Electric has an Authentication Bypass vulnerability, allowing unautheticated attackers to retrive contents of arbitrary web pages.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
Vendor Product Version
Billion Electric M100 Affected: 1.04.1.592.* , < 1.04.1.592.8 (custom)
Affected: 1.04.1.613.* , < 1.04.1.613.13 (custom)
Affected: 1.04.1.* , < 1.04.1.675 (custom)
Create a notification for this product.
Billion Electric M150 Affected: 1.04.1.592.* , < 1.04.1.592.8 (custom)
Affected: 1.04.1.613.* , < 1.04.1.613.13 (custom)
Affected: 1.04.1.* , < 1.04.1.675 (custom)
Create a notification for this product.
Billion Electric M120N Affected: 1.04.1.592.* , < 1.04.1.592.8 (custom)
Affected: 1.04.1.613.* , < 1.04.1.613.13 (custom)
Affected: 1.04.1.* , < 1.04.1.675 (custom)
Create a notification for this product.
Billion Electric M500 Affected: 1.04.1.592.* , < 1.04.1.592.8 (custom)
Affected: 1.04.1.613.* , < 1.04.1.613.13 (custom)
Affected: 1.04.1.* , < 1.04.1.675 (custom)
Create a notification for this product.
billion_electric m100 Affected: 1.04.1.592.* , < 1.04.1.592.8 (custom)
Affected: 1.04.1.613.* , < 1.04.1.613.13 (custom)
Affected: 1.04.1.* < , < 1.04.1.675 (custom)
    cpe:2.3:a:billion_electric:m100:*:*:*:*:*:*:*:*
Create a notification for this product.
billion_electric m150 Affected: 1.04.1.592.* , < 1.04.1.592.8 (custom)
Affected: 1.04.1.613.* , < 1.04.1.613.13 (custom)
Affected: 1.04.1.* < , < 1.04.1.675 (custom)
    cpe:2.3:a:billion_electric:m150:*:*:*:*:*:*:*:*
Create a notification for this product.
billion_electric m120n Affected: 1.04.1.592.* , < 1.04.1.592.8 (custom)
Affected: 1.04.1.613.* , < 1.04.1.613.13 (custom)
Affected: 1.04.1.* < , < 1.04.1.675 (custom)
    cpe:2.3:a:billion_electric:m120n:*:*:*:*:*:*:*:*
Create a notification for this product.
billion_electric m500 Affected: 1.04.1.592.* , < 1.04.1.592.8 (custom)
Affected: 1.04.1.613.* , < 1.04.1.613.13 (custom)
Affected: 1.04.1.* < , < 1.04.1.675 (custom)
    cpe:2.3:a:billion_electric:m500:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-11-29 06:16
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:billion_electric:m100:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "m100",
            "vendor": "billion_electric",
            "versions": [
              {
                "lessThan": "1.04.1.592.8",
                "status": "affected",
                "version": "1.04.1.592.*",
                "versionType": "custom"
              },
              {
                "lessThan": "1.04.1.613.13",
                "status": "affected",
                "version": "1.04.1.613.*",
                "versionType": "custom"
              },
              {
                "lessThan": "1.04.1.675",
                "status": "affected",
                "version": "1.04.1.* \u003c",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:billion_electric:m150:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "m150",
            "vendor": "billion_electric",
            "versions": [
              {
                "lessThan": "1.04.1.592.8",
                "status": "affected",
                "version": "1.04.1.592.*",
                "versionType": "custom"
              },
              {
                "lessThan": "1.04.1.613.13",
                "status": "affected",
                "version": "1.04.1.613.*",
                "versionType": "custom"
              },
              {
                "lessThan": "1.04.1.675",
                "status": "affected",
                "version": "1.04.1.* \u003c",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:billion_electric:m120n:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "m120n",
            "vendor": "billion_electric",
            "versions": [
              {
                "lessThan": "1.04.1.592.8",
                "status": "affected",
                "version": "1.04.1.592.*",
                "versionType": "custom"
              },
              {
                "lessThan": "1.04.1.613.13",
                "status": "affected",
                "version": "1.04.1.613.*",
                "versionType": "custom"
              },
              {
                "lessThan": "1.04.1.675",
                "status": "affected",
                "version": "1.04.1.* \u003c",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:billion_electric:m500:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "m500",
            "vendor": "billion_electric",
            "versions": [
              {
                "lessThan": "1.04.1.592.8",
                "status": "affected",
                "version": "1.04.1.592.*",
                "versionType": "custom"
              },
              {
                "lessThan": "1.04.1.613.13",
                "status": "affected",
                "version": "1.04.1.613.*",
                "versionType": "custom"
              },
              {
                "lessThan": "1.04.1.675",
                "status": "affected",
                "version": "1.04.1.* \u003c",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11981",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T14:25:30.745734Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T14:31:52.528Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "M100",
          "vendor": "Billion Electric",
          "versions": [
            {
              "lessThan": "1.04.1.592.8",
              "status": "affected",
              "version": "1.04.1.592.*",
              "versionType": "custom"
            },
            {
              "lessThan": "1.04.1.613.13",
              "status": "affected",
              "version": "1.04.1.613.*",
              "versionType": "custom"
            },
            {
              "lessThan": "1.04.1.675",
              "status": "affected",
              "version": "1.04.1.*",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "M150",
          "vendor": "Billion Electric",
          "versions": [
            {
              "lessThan": "1.04.1.592.8",
              "status": "affected",
              "version": "1.04.1.592.*",
              "versionType": "custom"
            },
            {
              "lessThan": "1.04.1.613.13",
              "status": "affected",
              "version": "1.04.1.613.*",
              "versionType": "custom"
            },
            {
              "lessThan": "1.04.1.675",
              "status": "affected",
              "version": "1.04.1.*",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "M120N",
          "vendor": "Billion Electric",
          "versions": [
            {
              "lessThan": "1.04.1.592.8",
              "status": "affected",
              "version": "1.04.1.592.*",
              "versionType": "custom"
            },
            {
              "lessThan": "1.04.1.613.13",
              "status": "affected",
              "version": "1.04.1.613.*",
              "versionType": "custom"
            },
            {
              "lessThan": "1.04.1.675",
              "status": "affected",
              "version": "1.04.1.*",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "M500",
          "vendor": "Billion Electric",
          "versions": [
            {
              "lessThan": "1.04.1.592.8",
              "status": "affected",
              "version": "1.04.1.592.*",
              "versionType": "custom"
            },
            {
              "lessThan": "1.04.1.613.13",
              "status": "affected",
              "version": "1.04.1.613.*",
              "versionType": "custom"
            },
            {
              "lessThan": "1.04.1.675",
              "status": "affected",
              "version": "1.04.1.*",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-11-29T06:16:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCertain models of routers from Billion Electric has an Authentication Bypass vulnerability, allowing unautheticated attackers to retrive contents of arbitrary web pages.\u003c/span\u003e"
            }
          ],
          "value": "Certain models of routers from Billion Electric has an Authentication Bypass vulnerability, allowing unautheticated attackers to retrive contents of arbitrary web pages."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-29T06:29:10.735Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-8275-50f42-1.html"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/en/cp-139-8276-1defb-2.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.\u003cbr\u003eFor firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.\u003cbr\u003eFor all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.\u003cbr\u003e"
            }
          ],
          "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.\nFor firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.\nFor all other firmware version 1.04.1.x, please update to 1.04.1.675 or later."
        }
      ],
      "source": {
        "advisory": "TVN-202411026",
        "discovery": "EXTERNAL"
      },
      "title": "Billion Electric router - Authentication Bypass",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2024-11981",
    "datePublished": "2024-11-29T06:21:31.476Z",
    "dateReserved": "2024-11-29T01:52:19.267Z",
    "dateUpdated": "2024-11-29T14:31:52.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-11925 (GCVE-0-2024-11925)

Vulnerability from cvelistv5 – Published: 2024-11-28 07:14 – Updated: 2026-04-08 16:33
VLAI
Title
WP JobSearch <= 2.6.7 - Authentication Bypass to Account Takeover and Privilege Escalation
Summary
The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the user_account_activation function. This makes it possible for unauthenticated attackers to log in as any user, including site administrators if the users email is known.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
eyecix JobSearch WP Job Board Affected: 0 , ≤ 2.6.7 (semver)
Create a notification for this product.
eyecix jobsearch_wp_job_board Affected: 0 , ≤ 2.6.7 (semver)
    cpe:2.3:a:eyecix:jobsearch_wp_job_board:-:*:*:*:*:wordpress:*:*
Create a notification for this product.
Credits
Tonn
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:eyecix:jobsearch_wp_job_board:-:*:*:*:*:wordpress:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jobsearch_wp_job_board",
            "vendor": "eyecix",
            "versions": [
              {
                "lessThanOrEqual": "2.6.7",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11925",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T15:33:46.283379Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T15:35:07.980Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "JobSearch WP Job Board",
          "vendor": "eyecix",
          "versions": [
            {
              "lessThanOrEqual": "2.6.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tonn"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the user_account_activation function. This makes it possible for unauthenticated attackers to log in as any user, including site administrators if the users email is known."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:33:15.499Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/04bc8101-2676-4695-a498-f79be8221617?source=cve"
        },
        {
          "url": "https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-27T19:13:40.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "WP JobSearch \u003c= 2.6.7 - Authentication Bypass to Account Takeover and Privilege Escalation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-11925",
    "datePublished": "2024-11-28T07:14:07.539Z",
    "dateReserved": "2024-11-27T18:26:49.008Z",
    "dateUpdated": "2026-04-08T16:33:15.499Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-11639 (GCVE-0-2024-11639)

Vulnerability from cvelistv5 – Published: 2024-12-10 18:54 – Updated: 2024-12-14 04:55
VLAI
Summary
An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
Ivanti Cloud Services Application Unaffected: 5.0.3 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11639",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-14T04:55:11.739Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Cloud Services Application",
          "vendor": "Ivanti",
          "versions": [
            {
              "status": "unaffected",
              "version": "5.0.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
            }
          ],
          "value": "An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-10T18:54:43.368Z",
        "orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
        "shortName": "ivanti"
      },
      "references": [
        {
          "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
    "assignerShortName": "ivanti",
    "cveId": "CVE-2024-11639",
    "datePublished": "2024-12-10T18:54:43.368Z",
    "dateReserved": "2024-11-22T18:45:24.957Z",
    "dateUpdated": "2024-12-14T04:55:11.739Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-11349 (GCVE-0-2024-11349)

Vulnerability from cvelistv5 – Published: 2024-12-21 04:22 – Updated: 2026-04-08 17:32
VLAI
Title
AdForest <= 5.1.6 - Authentication Bypass
Summary
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sb_login_user_with_otp_fun() function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
scriptsbundle AdForest Affected: 0 , ≤ 5.1.6 (semver)
Create a notification for this product.
Credits
Tonn
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11349",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-23T16:43:21.405263Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-28T00:51:22.860Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AdForest",
          "vendor": "scriptsbundle",
          "versions": [
            {
              "lessThanOrEqual": "5.1.6",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tonn"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user\u0027s identity prior to authenticating them through the sb_login_user_with_otp_fun() function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:32:53.748Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f374b3d1-820b-473f-8d2b-c3267e6d23d9?source=cve"
        },
        {
          "url": "https://themeforest.net/item/adforest-classified-wordpress-theme/19481695"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-12-20T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "AdForest \u003c= 5.1.6 - Authentication Bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-11349",
    "datePublished": "2024-12-21T04:22:17.791Z",
    "dateReserved": "2024-11-18T16:47:22.199Z",
    "dateUpdated": "2026-04-08T17:32:53.748Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-11286 (GCVE-0-2024-11286)

Vulnerability from cvelistv5 – Published: 2025-03-14 04:22 – Updated: 2026-04-08 17:09
VLAI
Title
WP JobHunt <= 7.1 - Authentication Bypass
Summary
The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the cs_parse_request() function. This makes it possible for unauthenticated attackers to to log in to any user's account, including administrators.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
n/a WP JobHunt Affected: 0 , ≤ 7.1 (semver)
Credits
Tonn
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11286",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-14T13:56:57.868391Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-14T13:57:05.975Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WP JobHunt",
          "vendor": "n/a",
          "versions": [
            {
              "lessThanOrEqual": "7.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tonn"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user\u0027s identity prior to authenticating them through the cs_parse_request() function. This makes it possible for unauthenticated attackers to to log in to any user\u0027s account, including administrators."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:09:16.059Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/91754c4d-a0d0-4d35-a70a-446d2bdf6c73?source=cve"
        },
        {
          "url": "https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-13T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "WP JobHunt \u003c= 7.1 - Authentication Bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-11286",
    "datePublished": "2025-03-14T04:22:33.776Z",
    "dateReserved": "2024-11-15T20:12:45.530Z",
    "dateUpdated": "2026-04-08T17:09:16.059Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-11178 (GCVE-0-2024-11178)

Vulnerability from cvelistv5 – Published: 2024-12-06 06:48 – Updated: 2026-04-08 17:25
VLAI
Title
Login With OTP <= 1.4.2 - Authentication Bypass via Weak OTP
Summary
The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak OTP, and there’s no attempt or time limit. This makes it possible for unauthenticated attackers to generate and brute force the 6-digit numeric OTP that makes it possible to log in as any existing user on the site, such as an administrator, if they have access to the email.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
india-web-developer Login with OTP Affected: 0 , ≤ 1.4.2 (semver)
Create a notification for this product.
wordpress login_with_otp_plugin Affected: 0 , ≤ 1.4.2 (semver)
    cpe:2.3:a:wordpress:login_with_otp_plugin:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
István Márton
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:wordpress:login_with_otp_plugin:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "login_with_otp_plugin",
            "vendor": "wordpress",
            "versions": [
              {
                "lessThanOrEqual": "1.4.2",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11178",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-09T14:49:37.098541Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-09T14:51:36.034Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Login with OTP",
          "vendor": "india-web-developer",
          "versions": [
            {
              "lessThanOrEqual": "1.4.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Istv\u00e1n M\u00e1rton"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak OTP, and there\u2019s no attempt or time limit. This makes it possible for unauthenticated attackers to generate and brute force the 6-digit numeric OTP that makes it possible to log in as any existing user on the site, such as an administrator, if they have access to the email."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:25:37.006Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d3775d48-5985-475e-8fb9-c4c5fd044772?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/otp-login/tags/1.4.2/lib/otpl-class.php#L293"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/otp-login/tags/1.4.2/lib/otpl-class.php#L317"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3216953/otp-login#file18"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-13T00:00:00.000Z",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2024-12-05T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Login With OTP \u003c= 1.4.2 - Authentication Bypass via Weak OTP"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-11178",
    "datePublished": "2024-12-06T06:48:22.861Z",
    "dateReserved": "2024-11-13T13:33:17.977Z",
    "dateUpdated": "2026-04-08T17:25:37.006Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-11028 (GCVE-0-2024-11028)

Vulnerability from cvelistv5 – Published: 2024-11-13 09:30 – Updated: 2026-04-08 17:28
VLAI
Title
MultiManager WP – Manage All Your WordPress Sites Easily <= 1.0.5 - Authentication Bypass via User Impersonation
Summary
The MultiManager WP – Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the user impersonation feature inappropriately determining the current user via user-supplied input. This makes it possible for unauthenticated attackers to generate an impersonation link that will allow them to log in as any existing user, such as an administrator. NOTE: The user impersonation feature was disabled in version 1.1.0 and re-enabled with a patch in version 1.1.2.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
icdsoft MultiManager WP – Manage All Your WordPress Sites Easily Affected: 0 , ≤ 1.0.5 (semver)
Create a notification for this product.
icdsoft multimanager_wp_manage_all_your_word_press_sites_easily Affected: 0 , ≤ 1.0.5 (semver)
    cpe:2.3:a:icdsoft:multimanager_wp_manage_all_your_word_press_sites_easily:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Khayal Farzaliyev
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:icdsoft:multimanager_wp_manage_all_your_word_press_sites_easily:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "multimanager_wp_manage_all_your_word_press_sites_easily",
            "vendor": "icdsoft",
            "versions": [
              {
                "lessThanOrEqual": "1.0.5",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11028",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T14:56:17.004134Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T14:59:40.159Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MultiManager WP \u2013 Manage All Your WordPress Sites Easily",
          "vendor": "icdsoft",
          "versions": [
            {
              "lessThanOrEqual": "1.0.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Khayal Farzaliyev"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The MultiManager WP \u2013 Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the user impersonation feature inappropriately determining the current user via user-supplied input. This makes it possible for unauthenticated attackers to generate an impersonation link that will allow them to log in as any existing user, such as an administrator. NOTE: The user impersonation feature was disabled in version 1.1.0 and re-enabled with a patch in version 1.1.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:28:21.159Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de8e7adc-3777-4fb1-a708-68da950e3d4f?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3184657/multimanager-wp"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3184678/multimanager-wp"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3184826/multimanager-wp"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-08T00:00:00.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2024-11-12T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "MultiManager WP \u2013 Manage All Your WordPress Sites Easily \u003c= 1.0.5 - Authentication Bypass via User Impersonation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-11028",
    "datePublished": "2024-11-13T09:30:26.145Z",
    "dateReserved": "2024-11-08T16:48:44.283Z",
    "dateUpdated": "2026-04-08T17:28:21.159Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-10961 (GCVE-0-2024-10961)

Vulnerability from cvelistv5 – Published: 2024-11-23 03:25 – Updated: 2026-04-08 16:49
VLAI
Title
Social Login <= 5.9.0 - Authentication Bypass via Disqus OAuth provider
Summary
The Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.9.0. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
claudeschlesser Social Login Affected: 0 , ≤ 5.9.0 (semver)
Create a notification for this product.
oneall_social_login oa-social-login Affected: 0 , ≤ 5.9.0 (semver)
    cpe:2.3:a:oneall_social_login:oa-social-login:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
wesley
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:oneall_social_login:oa-social-login:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "oa-social-login",
            "vendor": "oneall_social_login",
            "versions": [
              {
                "lessThanOrEqual": "5.9.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10961",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-26T17:06:01.396095Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T19:11:38.830Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Social Login",
          "vendor": "claudeschlesser",
          "versions": [
            {
              "lessThanOrEqual": "5.9.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "wesley"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.9.0. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:49:09.226Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/43a64074-ca64-4c34-b467-06d1ad8c5aa0?source=cve"
        },
        {
          "url": "https://wordpress.org/plugins/oa-social-login/"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3201046/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-22T15:08:42.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Social Login \u003c= 5.9.0 - Authentication Bypass via Disqus OAuth provider"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-10961",
    "datePublished": "2024-11-23T03:25:48.434Z",
    "dateReserved": "2024-11-07T01:14:13.615Z",
    "dateUpdated": "2026-04-08T16:49:09.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-10924 (GCVE-0-2024-10924)

Vulnerability from cvelistv5 – Published: 2024-11-15 03:18 – Updated: 2026-01-23 15:19
VLAI
Title
Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass
Summary
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Credits
István Márton
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:really-simple-plugins:really_simple_security:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "really_simple_security",
            "vendor": "really-simple-plugins",
            "versions": [
              {
                "lessThanOrEqual": "9.1.1.1",
                "status": "affected",
                "version": "9.0.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10924",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T17:56:32.562044Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:58:22.917Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-01-23T15:19:28.477Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://github.com/JoshuaProvoste/0-click-RCE-Exploit-for-CVE-2024-10924"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Really Simple Security Pro multisite",
          "vendor": "Really Simple Plugins",
          "versions": [
            {
              "lessThanOrEqual": "9.1.1.1",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Really Simple Security \u2013 Simple and Performant Security (formerly Really Simple SSL)",
          "vendor": "rogierlankhorst",
          "versions": [
            {
              "lessThanOrEqual": "9.1.1.1",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Really Simple Security Pro",
          "vendor": "Really Simple Plugins",
          "versions": [
            {
              "lessThanOrEqual": "9.1.1.1",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Istv\u00e1n M\u00e1rton"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the \u0027check_login_and_get_user\u0027 function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the \"Two-Factor Authentication\" setting is enabled (disabled by default)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-19T13:37:03.351Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7d5d05ad-1a7a-43d2-bbbf-597e975446be?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/really-simple-ssl/tags/9.1.1.1/security/wordpress/two-fa/class-rsssl-two-factor-on-board-api.php#L67"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/really-simple-ssl/tags/9.1.1.1/security/wordpress/two-fa/class-rsssl-two-factor-on-board-api.php#L277"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/really-simple-ssl/tags/9.1.1.1/security/wordpress/two-fa/class-rsssl-two-factor-on-board-api.php#L278"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3188431/really-simple-ssl"
        },
        {
          "url": "https://www.wordfence.com/blog/2024/11/really-simple-security-vulnerability/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-06T00:00:00.000Z",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2024-11-06T00:00:00.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2024-11-14T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-10924",
    "datePublished": "2024-11-15T03:18:45.746Z",
    "dateReserved": "2024-11-06T14:20:37.200Z",
    "dateUpdated": "2026-01-23T15:19:28.477Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-10490 (GCVE-0-2024-10490)

Vulnerability from cvelistv5 – Published: 2024-12-02 08:46 – Updated: 2024-12-02 22:11
VLAI
Title
Authentication bypass flaw in several mapp components
Summary
An “Authentication Bypass Using an Alternate Path or Channel” vulnerability in the OPC UA Server configuration required for B&R mapp Cockpit before 6.0, B&R mapp View before 6.0, B&R mapp Services before 6.0, B&R mapp Motion before 6.0 and B&R mapp Vision before 6.0 may be used by an unauthenticated network-based attacker to cause information disclosure, unintended change of data, or denial of service conditions. B&R mapp Services is only affected, when mpUserX or mpCodeBox are used in the Automation Studio project.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
ABB
Date Public
2024-11-27 04:12
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10490",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-02T22:11:11.404146Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-02T22:11:21.408Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "B\u0026R mapp Cockpit",
          "vendor": "B\u0026R Industrial Automation GmbH",
          "versions": [
            {
              "lessThan": "6.0;0",
              "status": "affected",
              "version": "5.0;0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "B\u0026R mapp View",
          "vendor": "B\u0026R Industrial Automation GmbH",
          "versions": [
            {
              "lessThan": "6.0",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "B\u0026R mapp Services",
          "vendor": "B\u0026R Industrial Automation GmbH",
          "versions": [
            {
              "lessThan": "6.0",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "B\u0026R mapp Motion",
          "vendor": "B\u0026R Industrial Automation GmbH",
          "versions": [
            {
              "lessThan": "6.0",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "B\u0026R mapp Vision",
          "vendor": "B\u0026R Industrial Automation GmbH",
          "versions": [
            {
              "lessThan": "6.0",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-11-27T04:12:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An \u201cAuthentication Bypass Using an Alternate Path or Channel\u201d vulnerability in the OPC UA Server configuration required for B\u0026amp;R mapp Cockpit before 6.0, B\u0026amp;R mapp View before 6.0, B\u0026amp;R mapp Services before 6.0, B\u0026amp;R mapp Motion before 6.0 and B\u0026amp;R mapp Vision before 6.0 may be used by an unauthenticated network-based attacker to cause information disclosure, unintended change of data, or denial of service conditions.\u003cbr\u003eB\u0026amp;R mapp Services is only affected, when mpUserX or mpCodeBox are used in the Automation Studio project.\u003cbr\u003e"
            }
          ],
          "value": "An \u201cAuthentication Bypass Using an Alternate Path or Channel\u201d vulnerability in the OPC UA Server configuration required for B\u0026R mapp Cockpit before 6.0, B\u0026R mapp View before 6.0, B\u0026R mapp Services before 6.0, B\u0026R mapp Motion before 6.0 and B\u0026R mapp Vision before 6.0 may be used by an unauthenticated network-based attacker to cause information disclosure, unintended change of data, or denial of service conditions.\nB\u0026R mapp Services is only affected, when mpUserX or mpCodeBox are used in the Automation Studio project."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-02T08:46:48.918Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://www.br-automation.com/fileadmin/SA22P014-90c4aa35.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Authentication bypass flaw in several mapp components",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eEnforce client device authentication in the configuration of the OPC UA server. Configure a proper \u201cSecurityPolicy\u201d for OPC UA Server (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://help.br-automation.com/#/en/4/communication/opcua/runtime/opcua_config_security.html\"\u003eAutomation Help\u003c/a\u003e) and select a \u201cCertificateStore configuration\u201d which has \u201cValidate SSL communication partner\u201d set to \u201con\u201d (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://help.br-automation.com/#/en/4/access_and_security%2Fssl%2Fssl_configuration.html\"\u003eAutomation Help\u003c/a\u003e).\u003c/p\u003e\u003cp\u003eLimit access to the OPC UA Server (default 4840/tcp) to IP addresses or IP subnets which are running instances of impacted mapp components and legitime OPC UA clients using the B\u0026amp;R Automation Runtime host-based firewall. Ensure only trusted personal is able to access devices with the specified IP (range) and enforce strict authentication on these devices.\u003c/p\u003e\u003cp\u003ePlease be aware that B\u0026amp;R Automation Runtime and its services (like mapp components) are not intended to be directly connected to the internet at any time. Customers are advised to use the host-based firewall as well as an external control network firewall to limit access to each service running at B\u0026amp;R Automation Runtime. Additionally, consider granting access from the outside of the control network only to specific timeframes (e.g. for maintenance).\u003c/p\u003e\u003cp\u003e\u003cb\u003emapp View\u003c/b\u003e\u003c/p\u003e\u003cp\u003eFor customers only using the OPC UA Server for their mapp View Visualization, block all incoming traffic to the OPC UA Server (default port 4840/tcp) using the B\u0026amp;R Automation Runtime host-based firewall. Blocking external traffic on the OPC UA Server has no impact on the functionality of mapp View.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Enforce client device authentication in the configuration of the OPC UA server. Configure a proper \u201cSecurityPolicy\u201d for OPC UA Server ( Automation Help https://help.br-automation.com/#/en/4/communication/opcua/runtime/opcua_config_security.html ) and select a \u201cCertificateStore configuration\u201d which has \u201cValidate SSL communication partner\u201d set to \u201con\u201d ( Automation Help https://help.br-automation.com/#/en/4/access_and_security%2Fssl%2Fssl_configuration.html ).\n\nLimit access to the OPC UA Server (default 4840/tcp) to IP addresses or IP subnets which are running instances of impacted mapp components and legitime OPC UA clients using the B\u0026R Automation Runtime host-based firewall. Ensure only trusted personal is able to access devices with the specified IP (range) and enforce strict authentication on these devices.\n\nPlease be aware that B\u0026R Automation Runtime and its services (like mapp components) are not intended to be directly connected to the internet at any time. Customers are advised to use the host-based firewall as well as an external control network firewall to limit access to each service running at B\u0026R Automation Runtime. Additionally, consider granting access from the outside of the control network only to specific timeframes (e.g. for maintenance).\n\nmapp View\n\nFor customers only using the OPC UA Server for their mapp View Visualization, block all incoming traffic to the OPC UA Server (default port 4840/tcp) using the B\u0026R Automation Runtime host-based firewall. Blocking external traffic on the OPC UA Server has no impact on the functionality of mapp View."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2024-10490",
    "datePublished": "2024-12-02T08:46:44.044Z",
    "dateReserved": "2024-10-29T11:13:34.960Z",
    "dateUpdated": "2024-12-02T22:11:21.408Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.