Unauthenticated Attackers Can Bypass Login Authentication in WooCommerce Photo Reviews Premium Plugin
CVE-2024-8277

9.8 CRITICAL

Key Information:

Vendor

WordPress

CVE Published:
11 September 2024

Badges

👾 Exploit Exists · 🟡 Public PoC · 🟣 EPSS 52%

What is CVE-2024-8277?

The WooCommerce Photo Reviews Premium plugin for WordPress contains an authentication bypass vulnerability affecting all versions up to and including 1.3.13.2. The root cause is that the plugin's login() function does not adequately validate the user transient it relies on. An attacker can exploit this to log in as another user, most readily as a user who has dismissed an admin notice within the relevant time window. Because the function accepts any transient tied to a valid user_id as proof of identity, other transients can in principle be used for login as well, although exploiting that path takes additional effort and knowledge. Sites running this plugin should be patched or otherwise protected to prevent unauthorized access and preserve the integrity of user data.
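The weakness described above is a login handler that treats any transient carrying a user_id as a login credential. The following is an added, hypothetical example (not the plugin's code, and not a fix supplied by the vendor) of how a transient-backed login handoff in a WordPress plugin should be validated: the client only ever holds a random token, the stored payload is tagged with its purpose so unrelated transients are rejected, the entry expires, and it is consumed on first use. The `example_` function names and `LOGIN_TOKEN_PREFIX` are assumptions.

```php
<?php
// Hypothetical example, not code from the WooCommerce Photo Reviews plugin.
// Demonstrates validating a transient-backed login token before trusting it.

const LOGIN_TOKEN_PREFIX = 'example_login_token_'; // assumed prefix
const LOGIN_TOKEN_TTL    = 10 * MINUTE_IN_SECONDS;

// Issue a one-time login token for a user who has already been authenticated
// by other means. Only the random token reaches the client; the transient key
// is a hash of it, so the stored key is never derived from the user_id.
function example_issue_login_token( int $user_id ): string {
	$token = bin2hex( random_bytes( 32 ) );
	set_transient(
		LOGIN_TOKEN_PREFIX . hash( 'sha256', $token ),
		array( 'user_id' => $user_id, 'purpose' => 'login', 'issued' => time() ),
		LOGIN_TOKEN_TTL
	);
	return $token;
}

// Redeem a token. Returns the user ID on success, null on any failure.
function example_redeem_login_token( string $token ): ?int {
	if ( ! preg_match( '/^[0-9a-f]{64}$/', $token ) ) {
		return null; // malformed token, do not even look it up
	}
	$key  = LOGIN_TOKEN_PREFIX . hash( 'sha256', $token );
	$data = get_transient( $key );
	delete_transient( $key ); // single use: consume it whether or not it validates

	// Reject anything that is not a transient this code created for login,
	// even if it happens to contain a user_id (e.g. a dismissed-notice record).
	if ( ! is_array( $data ) || ( $data['purpose'] ?? '' ) !== 'login' ) {
		return null;
	}
	if ( time() - (int) ( $data['issued'] ?? 0 ) > LOGIN_TOKEN_TTL ) {
		return null; // expired even if the transient store kept it around
	}
	$user = get_user_by( 'id', (int) ( $data['user_id'] ?? 0 ) );
	if ( ! $user ) {
		return null;
	}
	wp_set_current_user( $user->ID );
	wp_set_auth_cookie( $user->ID );
	return $user->ID;
}
```

For detection on an unpatched site, unexpected authentication events from the plugin's login endpoint without a preceding normal login are the signal to watch for.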

Affected Version(s)

WooCommerce Photo Reviews Premium * <= 1.3.13.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

EPSS Score

52% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability reserved

Credit

Tonn