Authentication Bypass Using an Alternate Path or Channel Vulnerability
CVE-2024-49328

9.8CRITICAL

Key Information:

Vendor

WordPress
Status
WP Rest Api Fns
Vendor
CVE Published:
20 October 2024

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 48%

What is CVE-2024-49328?

A vulnerability exists in the WP REST API FNS plugin created by Vivek Tamrakar that allows for authentication bypass through an alternate path or channel. This flaw permits unauthorized users to gain access to sensitive functionalities without proper authentication checks. The issue impacts WP REST API FNS versions from n/a through 1.0.0, raising serious security concerns for websites utilizing this plugin. It is crucial for users to be aware of this vulnerability and take necessary steps to secure their installations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WP REST API FNS <= 1.0.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-49328
Created by RandomRobbieBF

References

https://patchstack.com/database/vulnerability/rest-api-fn...
vdb-entry

EPSS Score

48% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

stealthcopter (Patchstack Alliance)
JSON
.