PT-2023-17425 · WordPress · Zm Ajax Login & Register

István Márton

Publicado

2023-04-15

Atualizado

2023-04-24

CVE-2023-2027

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ZM Ajax Login & Register plugin for WordPress versions up to, and including, 2.0.2

Description The issue is related to insufficient verification on the user being supplied during a Facebook login through the plugin. This allows unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.

Recommendations For versions up to, and including, 2.0.2, update to a version later than 2.0.2 to resolve the issue. As a temporary workaround, consider disabling Facebook login through the plugin until a patch is available. Restrict access to administrative accounts to minimize the risk of exploitation.

Correção

Improper Authentication

Authentication Bypass Using an Alternate Path or Channel

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287CWE-288

Identificadores relacionados

CVE-2023-2027

Produtos afetados

Zm Ajax Login & Register

PT-2023-17425 · WordPress · Zm Ajax Login & Register

CVE-2023-2027

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5