PT-2024-33385 · WordPress · Buddypress Better Registration
Stealthcopter
·
Published
2024-10-16
·
Updated
2024-10-16
·
CVE-2024-49247
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
BuddyPress Better Registration versions 1.6 and earlier
BuddyPress Better Registration version 1.7 is not affected, as it contains the fix for the issue.
Description
The issue is an Authentication Bypass Using an Alternate Path or Channel vulnerability, which allows attackers to bypass authentication. This flaw is present in the BuddyPress Better Registration plugin.
Recommendations
For BuddyPress Better Registration versions 1.6 and earlier: Update to version 1.7 to fix this issue.
As a temporary workaround, consider restricting access to sensitive areas of the plugin until the update is applied.
Fix
Authentication Bypass Using an Alternate Path or Channel
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Buddypress Better Registration