Authentication Bypass Vulnerability in Plugin for WordPress
CVE-2024-9105
9.8CRITICAL
What is CVE-2024-9105?
The UltimateAI plugin for WordPress is susceptible to an authentication bypass vulnerability, found in versions up to and including 2.8.3. This arises from inadequate verification in the 'ultimate_ai_register_or_login_with_google' function, enabling unauthenticated attackers to gain access as any existing user on the site, including administrators, by exploiting knowledge of the victim's email address.
Affected Version(s)
Ultimate AI * <= 2.8.3