Ver todas as ameaças

CVE-2024-11028

Alvo: Não informado

Descrição

The MultiManager WP – Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the user impersonation feature inappropriately determining the current user via user-supplied input. This makes it possible for unauthenticated attackers to generate an impersonation link that will allow them to log in as any existing user, such as an administrator. NOTE: The user impersonation feature was disabled in version 1.1.0 and re-enabled with a patch in version 1.1.2.

Software
Não informado
Tipo Software
Plugin
CVE
CVE-2024-11028
Tags
Nâo informado
Data de publicação
13/11/2024
Última atualização
20/11/2024
Pontuação em CVSS 3.0
9.8
Crítico
Rolar para cima