ГлавнаяУязвимости → CVE-2024-13182
9.8критическая

CVE-2024-13182

Описание

The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.5. This is due to incorrect authentication in the 'wp_dp_parse_request' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator.

CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
http://localhost:1337/wp-content/plugins/wp-directorybox-manager/elements/login/cs-social-login/cs-social-login.php#L43https://www.wordfence.com/threat-intel/vulnerabilities/id/ea9e5e5d-a7fc-4159-a2ae-610bee76f818?source=cve