CVE-2024-5204

[boomdevs] Swiss Toolkit For WP

Posted on By Treadstone 71

2024-05-29 12:00:52.417016 (UTC +09:00)

1. CVE-2024-5204

[boomdevs] Swiss Toolkit For WP

The Swiss Toolkit For WP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.7. This is d…

>>> https://www.cve.org/CVERecord?id=CVE-2024-5204 <<<

Assigner: Wordfence
Published: 2024-05-29T02:00:35.975Z
Updated: 2024-05-29T02:00:35.975Z
Score: 8.8 (HIGH) [cvssV3_1]

CWE: CWE-288 Authentication Bypass Using an Alternate Path or Channel

Affected.
(1) Swiss Toolkit For WP: All <= 1.0.7

References.
(1) https://www.wordfence.com/threat-intel/vulnerabilities/id/a8526106-847a-420f-9275-f759a8dd4dfb?source=cve
(2) https://plugins.trac.wordpress.org/browser/swiss-toolkit-for-wp/trunk/includes/plugins/class-boomdevs-swiss-toolkit-generate-login-url.php?rev=3077000#L50
(3) https://plugins.trac.wordpress.org/changeset/3091913/swiss-toolkit-for-wp

Interesting.
WordPress, Plugin, Authentication bypass


2. CVE-2024-5150

[glboy] Login with phone number

The Login with phone number plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.26. This …

>>> https://www.cve.org/CVERecord?id=CVE-2024-5150 <<<

Assigner: Wordfence
Published: 2024-05-29T02:00:37.242Z
Updated: 2024-05-29T02:00:37.242Z
Score: 9.8 (CRITICAL) [cvssV3_1]

CWE: CWE-288 Authentication Bypass Using an Alternate Path or Channel

Affected.
(1) Login with phone number: All <= 1.7.26

References.
(1) https://www.wordfence.com/threat-intel/vulnerabilities/id/cf34eb9f-f6e9-4a7a-8459-c86f9fa3dad8?source=cve
(2) https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.7.25/login-with-phonenumber.php#L4183
(3) https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.7.25/login-with-phonenumber.php#L4220
(4) https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.7.25/login-with-phonenumber.php#L4241
(5) https://plugins.trac.wordpress.org/changeset/3090625/login-with-phone-number
(6) https://plugins.trac.wordpress.org/changeset/3090754/login-with-phone-number#file5

Interesting.
WordPress, Plugin, Authentication bypass

ALL Tags:

Related Posts

Copyright 2024

Discover more from The Cyber Shafarat -

Subscribe now to keep reading and get access to the full archive.

Continue reading