The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
Metrics
Affected Vendors & Products
References
History
Tue, 12 Nov 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ce21
Ce21 ce21-suite |
|
CPEs | cpe:2.3:a:ce21:ce21-suite:*:*:*:*:*:*:*:* | |
Vendors & Products |
Ce21
Ce21 ce21-suite |
|
Metrics |
ssvc
|
Sat, 09 Nov 2024 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | |
Title | CE21 Suite <= 2.2.0 - Authentication Bypass | |
Weaknesses | CWE-288 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-11-09T02:32:00.635Z
Updated: 2024-11-12T17:11:52.545Z
Reserved: 2024-10-23T07:23:16.240Z
Link: CVE-2024-10284
Vulnrichment
Updated: 2024-11-12T17:11:47.443Z
NVD
Status : Awaiting Analysis
Published: 2024-11-09T03:15:03.943
Modified: 2024-11-12T13:56:54.483
Link: CVE-2024-10284
Redhat
No data.