The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticate_user' user function not implementing sufficient null value checks when setting the access token and user information. This makes it possible for unauthenticated attackers to log in as the first user who has signed in using Google OAuth, which could be the site administrator.
Metrics
Affected Vendors & Products
References
History
Thu, 12 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 12 Dec 2024 03:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticate_user' user function not implementing sufficient null value checks when setting the access token and user information. This makes it possible for unauthenticated attackers to log in as the first user who has signed in using Google OAuth, which could be the site administrator. | |
Title | Sign In With Google <= 1.8.0 - Authentication Bypass in authenticate_user | |
Weaknesses | CWE-287 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-12T03:23:08.908Z
Updated: 2024-12-12T16:27:37.738Z
Reserved: 2024-11-08T03:24:32.104Z
Link: CVE-2024-11015
Vulnrichment
Updated: 2024-12-12T16:26:39.277Z
NVD
Status : Received
Published: 2024-12-12T04:15:04.797
Modified: 2024-12-12T04:15:04.797
Link: CVE-2024-11015
Redhat
No data.