PT-2024-34654 · WordPress · Buddyforms
István Márton
·
Published
2024-06-05
·
Updated
2024-06-06
·
CVE-2024-5149
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
BuddyForms plugin for WordPress versions up to, and including, 2.8.9
Description
The issue allows unauthenticated attackers to bypass email verification due to the use of an insufficiently random activation code. This enables attackers to exploit the weakness without proper authentication.
Recommendations
For versions up to, and including, 2.8.9, update to a version later than 2.8.9 to resolve the issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Use of Insufficiently Random Values
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Buddyforms