The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
History

Tue, 12 Nov 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Ce21
Ce21 ce21-suite
CPEs cpe:2.3:a:ce21:ce21-suite:*:*:*:*:*:*:*:*
Vendors & Products Ce21
Ce21 ce21-suite
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 09 Nov 2024 02:45:00 +0000

Type Values Removed Values Added
Description The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
Title CE21 Suite <= 2.2.0 - Authentication Bypass
Weaknesses CWE-288
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-11-09T02:32:00.635Z

Updated: 2024-11-12T17:11:52.545Z

Reserved: 2024-10-23T07:23:16.240Z

Link: CVE-2024-10284

cve-icon Vulnrichment

Updated: 2024-11-12T17:11:47.443Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-09T03:15:03.943

Modified: 2024-11-12T13:56:54.483

Link: CVE-2024-10284

cve-icon Redhat

No data.