Authentication Bypass Using an Alternate Path or Channel Vulnerability
CVE-2024-49328

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: WP Rest Api Fns
Vendor: CVE Published:; 20 October 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A vulnerability exists in the WP REST API FNS plugin created by Vivek Tamrakar that allows for authentication bypass through an alternate path or channel. This flaw permits unauthorized users to gain access to sensitive functionalities without proper authentication checks. The issue impacts WP REST API FNS versions from n/a through 1.0.0, raising serious security concerns for websites utilizing this plugin. It is crucial for users to be aware of this vulnerability and take necessary steps to secure their installations.

Affected Version(s)

WP REST API FNS <= 1.0.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-49328
Created by RandomRobbieBF

References

https://patchstack.com/database/vulnerability/rest-api-fn...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Nov 7, 2024
👾
Exploit known to exist
Nov 7, 2024
Vulnerability published
Oct 20, 2024
Vulnerability Reserved
Oct 14, 2024

Credit

stealthcopter (Patchstack Alliance)