The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due to missing validation on the user being supplied in the 'crypto_connect_ajax_process::register' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.
Metrics
Affected Vendors & Products
References
History
Thu, 07 Nov 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Odude crypto Tool
|
|
CPEs | cpe:2.3:a:odude:crypto_tool:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Odude crypto Tool
|
Tue, 29 Oct 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Odude
Odude crypto |
|
CPEs | cpe:2.3:a:odude:crypto:*:*:*:*:*:*:*:* | |
Vendors & Products |
Odude
Odude crypto |
|
Metrics |
ssvc
|
Tue, 29 Oct 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due to missing validation on the user being supplied in the 'crypto_connect_ajax_process::register' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. | |
Title | Crypto <= 2.15 - Authentication Bypass via register | |
Weaknesses | CWE-288 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Wordfence
Published: 2024-10-29T16:31:29.682Z
Updated: 2024-10-29T19:42:30.917Z
Reserved: 2024-10-15T11:42:09.954Z
Link: CVE-2024-9988

Updated: 2024-10-29T19:42:26.664Z

Status : Analyzed
Published: 2024-10-29T17:15:05.227
Modified: 2024-11-07T17:00:29.560
Link: CVE-2024-9988

No data.