CVE-2024-10111

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Dec 12, 2024
CWE ID 287

Summary

CVE-2024-10111 is a vulnerability affecting the OAuth Single Sign On plugin for WordPress, specifically versions up to and including 6.26.3. This issue stems from insufficient user verification during the authentication process when handling social login tokens. Consequently, unauthenticated attackers can bypass authentication and log in as any existing user, including administrators, by providing a valid username, even if the user does not have an account associated with the token-issuing service. Successful exploitation of this vulnerability can lead to unauthorized access and potential site takeover.
