CVE-2024-34675

CVSS 3.1 Score 4.6 of 10 (medium)

Details

Published Nov 6, 2024
Updated: Nov 12, 2024

Summary

CVE-2024-9946 is a vulnerability affecting the Super Socializer plugin for WordPress, which allows for authentication bypass in all versions up to 7.13.68. The issue arises from insufficient verification of the user returned by the social login token, making it possible for unauthenticated attackers to log in as any existing user on the site. Email addresses are required for exploitation. Administrator accounts are not accessible by default, but are at risk if administrator authentication has been permitted via social login. The vulnerability was partially addressed in version 7.13.68.
