Filtered by vendor Ce21 Subscriptions
Filtered by product Ce21-suite Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-10284 1 Ce21 1 Ce21-suite 2024-11-12 9.8 Critical
The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
CVE-2024-10285 1 Ce21 1 Ce21-suite 2024-11-12 9.8 Critical
The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to log in the user associated with the JWT token.
CVE-2024-10294 1 Ce21 1 Ce21-suite 2024-11-12 6.5 Medium
The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to change plugin settings.