Authentication Bypass Vulnerability in Biagiotti Membership Plugin for WordPress
CVE-2024-12287
9.8 CRITICAL
Summary
The Biagiotti Membership plugin for WordPress contains a critical authentication bypass vulnerability that affects all versions up to and including 1.0.2. The flaw arises from the plugin's inadequate verification of user identity during the authentication process. It enables unauthenticated attackers to gain access to user accounts, including those of administrators, provided they have access to an associated email address. This could lead to unauthorized access and potential exploitation of sensitive information within compromised accounts.
References
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published