CVE-2024-11178

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Dec 6, 2024
CWE ID 288

Summary

CVE-2024-11178 is a vulnerability affecting the Login With OTP plugin for WordPress. In versions up to 1.4.2, the plugin generates weak one-time passwords (OTPs) for authentication. The plugin does not limit the number of attempts or the timeframe for generating an OTP, which lets unauthenticated attackers brute-force and generate valid OTP codes. Successful exploitation grants attackers the ability to log in as any existing user, including administrators, via email access.
