CVE-2024-10245

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 12, 2024
CWE ID 288

Summary

CVE-2024-10245 is a vulnerability affecting the Relais 2FA plugin for WordPress. The issue stems from a flaw in the 'rl_do_ajax' function, which does not properly enforce authentication and capability checks. Consequently, unauthenticated attackers can bypass the authentication process and gain access to existing user accounts, including administrator accounts, if they have access to the targeted email address. This vulnerability poses a significant security risk, as it allows unauthorized access to WordPress sites, potentially leading to data breaches and other malicious activities.
