CVE-2024-5432

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Lifeline Donation plugin for WordPress versions up to, and including, 1.2.6

Description: The issue is due to insufficient verification on the user being supplied during the checkout through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.

Recommendations: For versions up to, and including, 1.2.6, update to a version that includes the necessary verification to prevent authentication bypass. As a temporary workaround, consider restricting access to the checkout functionality through the plugin until a patch is available.

Fix

Authentication Bypass Using an Alternate Path or Channel

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-288CWE-287

Related Identifiers

CVE-2024-5432

Affected Products

Lifeline Donation

CVE-2024-5432

Weakness Enumeration

Related Identifiers

Affected Products

References · 7