CVE-2024-10097
CVSS 3.1 Score 8.1 of 10 (high)
Details
Summary
CVE-2024-10097 is a vulnerability affecting the Loginizer Security and Loginizer plugins for WordPress. The issue involves insufficient verification during the authentication process using social login tokens. As a result, unauthenticated attackers can bypass the login process and gain access to existing user accounts, including administrative accounts, by providing the correct email address and accessing the corresponding token. This vulnerability poses a significant security risk, as it allows attackers to infiltrate WordPress sites with ease. WordPress users are advised to update these plugins to the latest versions as soon as possible to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Loginizer
Affected Vendors
- Loginizer