CVE-2024-9105

Name of the Vulnerable Software and Affected Versions The UltimateAI plugin for WordPress versions up to, and including, 2.8.3

Description The issue is due to insufficient verification on the user being supplied in the ultimate ai register or login with google function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.

Recommendations For versions up to, and including, 2.8.3, consider disabling the ultimate ai register or login with google function until a patch is available to prevent authentication bypass. Restrict access to sensitive areas of the site to minimize the risk of exploitation. Avoid using the UltimateAI plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.