Vulnerability Description
The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users, such as administrators, granted they have access to an email.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://themeforest.net/item/biagiotti-beauty-and-cosmetics-shop/24645919
- https://www.wordfence.com/threat-intel/vulnerabilities/id/12f319df-41eb-484a-8fc
FAQ
What is CVE-2024-12287?
CVE-2024-12287 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly verifying a user's identity pri...
How severe is CVE-2024-12287?
CVE-2024-12287 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-12287?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.