CVE-2024-10111
CVSS 3.1 Score 8.1 of 10 (high)
Details
Summary
CVE-2024-10111 is a vulnerability affecting the OAuth Single Sign On plugin for WordPress, specifically versions up to and including 6.26.3. This issue stems from insufficient user verification during the authentication process when handling social login tokens. Consequently, unauthenticated attackers can bypass authentication and log in as any existing user, including administrators, by providing a valid username, even if the user does not have an account associated with the token-issuing service. Successful exploitation of this vulnerability can lead to unauthorized access and potential site takeover.