Authentication Bypass Vulnerability in Plugin for WordPress
CVE-2024-9105
9.8CRITICAL
Summary
The UltimateAI plugin for WordPress is susceptible to an authentication bypass vulnerability, found in versions up to and including 2.8.3. This arises from inadequate verification in the 'ultimate_ai_register_or_login_with_google' function, enabling unauthenticated attackers to gain access as any existing user on the site, including administrators, by exploiting knowledge of the victim's email address.
Affected Version(s)
Ultimate AI * <= 2.8.3
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
István Márton