CVE-2024-10097

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Nov 5, 2024
Updated: Nov 6, 2024
CWE ID 287

Summary

CVE-2024-10097 is a vulnerability affecting the Loginizer Security and Loginizer plugins for WordPress. The issue involves insufficient verification during the authentication process using social login tokens. As a result, unauthenticated attackers can bypass the login process and gain access to existing user accounts, including administrative accounts, by providing the correct email address and accessing the corresponding token. This vulnerability poses a significant security risk, as it allows attackers to infiltrate WordPress sites with ease. WordPress users are advised to update these plugins to the latest versions as soon as possible to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share