Описание
The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token() function in versions 2.1.0 to 2.1.1. This makes it possible for unauthenticated attackers who know an arbitrary user meta value to bypass authentication checks and log in as that user.
Ссылки
EPSS
Процентиль: 71%
0.00666
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-288
Связанные уязвимости
CVSS3: 9.8
github
7 месяцев назад
The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token() function in versions 2.1.0 to 2.1.1. This makes it possible for unauthenticated attackers who know an arbitrary user meta value to bypass authentication checks and log in as that user.
EPSS
Процентиль: 71%
0.00666
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-288