CVE-2024-9946

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Nov 6, 2024
CWE ID 287

Summary

CVE-2024-9946 is an authentication bypass vulnerability in the Super Socializer plugin for WordPress. The flaw, present in all versions up to 7.13.68, allows unauthenticated attackers to bypass authentication and assume the identity of any existing user. The bypass is possible because the plugin insufficiently verifies user authentication performed through social login tokens. Administrator accounts are not exposed by default, but they are at risk if social login authentication for administrators has been enabled. The vulnerability was partially addressed in version 7.13.68.
