CVE-2024-9687

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 15, 2024
CWE ID 639

Summary

CVE-2024-9687 is a vulnerability in the WP 2FA with Telegram plugin for WordPress, affecting versions up to and including 3.0. The flaw arises from insufficient validation of a user-controlled key during the 'validate_tg' action, which allows authenticated attackers with subscriber-level permissions or higher to impersonate any existing user, including administrators. To remediate this issue, update the plugin to the latest version. With a high severity rating of 8.8 on the CVSS scale, the vulnerability can lead to unauthorized access to and control over sensitive data and site functionality. Organizations using this plugin should prioritize the update to mitigate the potential integrity and confidentiality impacts of this vulnerability.
