WordPress Plugin Vulnerabilities

UltimateAI <= 2.8.3 - Authentication Bypass

Description

The plugin is vulnerable to authentication bypass due to insufficient verification on the user being supplied in the 'ultimate_ai_register_or_login_with_google' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they known the email address.

Affects Plugins

Plugin icon
Ultimate_AI
No known fix

References

CVE
CVE-2024-9105
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/c2475643-a0b4-444a-a2c6-a5c45e90e1dd

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
István Márton
Verified
No
WPVDB ID
584b7170-77e7-499d-a492-5cbebda4aa04

Timeline

Publicly Published
2024-10-15 (about 1 year ago)
Added
2024-10-15 (about 1 year ago)
Last Updated
2024-10-16 (about 1 year ago)

Other

Published
Title
Published
2024-12-03
Title
WooCommerce < 9.4.3 - Unauthenticated Order Creation
Published
2020-04-28
Title
LearnPress < 3.2.6.9 - Authenticated Post Creation and Status Modification
Published
2015-04-15
Title
Profile Builder < 2.1.4 - Missing Access Controls
Published
2019-08-12
Title
JVM WooCommerce Wishlist <= 1.2.6 - Insecure Direct Object Reference
Published
2024-04-29
Title
Customer Email Verification for WooCommerce < 2.7.5 - Authentication Bypass