CVE-2024-11293
CVSS 3.1 Score 8.1 of 10 (high)
Details
Published Dec 4, 2024
CWE ID 287
Summary
CVE-2024-11293: This vulnerability affects the Registration Forms plugin for WordPress, specifically versions up to 1.7.9. The issue lies in insufficient verification of users returned by social login tokens, resulting in an authentication bypass. Unauthenticated attackers can exploit this flaw to log in as any existing user on the site, including administrators, by providing a valid email address associated with the target user.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share