PT-2024-17528 · WordPress · Biagiotti Membership

Author: Tonn · Published: 2024-12-18 · Updated: 2024-12-23 · CVE-2024-12287

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Biagiotti Membership plugin for WordPress, versions up to and including 1.0.2.

Description: The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass. The plugin does not properly verify a user's identity before authenticating them, so an unauthenticated attacker who knows a valid email address can log in as that user, including administrators.

Recommendations: For versions up to and including 1.0.2, update to a version later than 1.0.2 once one is available. As a temporary workaround, restrict access to sensitive areas of the website to reduce the risk of exploitation, and avoid using the plugin until the issue is resolved. At the time of writing, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2024-12287

Affected Products: Biagiotti Membership