Filtered by vendor Ce21
Subscriptions
Filtered by product Ce21-suite
Subscriptions
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-10284 | 1 Ce21 | 1 Ce21-suite | 2024-11-12 | 9.8 Critical |
The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | ||||
CVE-2024-10285 | 1 Ce21 | 1 Ce21-suite | 2024-11-12 | 9.8 Critical |
The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to log in the user associated with the JWT token. | ||||
CVE-2024-10294 | 1 Ce21 | 1 Ce21-suite | 2024-11-12 | 6.5 Medium |
The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to change plugin settings. |
Page 1 of 1.