Authentication Bypass Vulnerability in WordPress Crypto Plugin
CVE-2024-9989
9.8CRITICAL
What is CVE-2024-9989?
The Crypto plugin for WordPress has a significant security flaw that allows unauthenticated attackers to bypass authentication protocols. This vulnerability stems from a limited arbitrary method call in the 'crypto_connect_ajax_process::log_in' function, which does not properly verify user credentials before permitting access. As a result, attackers can potentially gain unauthorized access as any user, including administrators, by simply knowing the target username. This flaw emphasizes the importance of keeping plugins updated to protect user data and site integrity.