2024-11-19
Platform: WordPress
Version: MultiManager WP – Manage All Your WordPress Sites Easily plugin (up to 1.0.5)
Vulnerability: Authentication Bypass
Severity: Critical
Date: November 13, 2024 (Published by NIST)
The MultiManager WP plugin for WordPress versions up to 1.0.5 has a critical vulnerability that allows unauthenticated attackers to bypass authentication and gain access to any user account, including administrators. This is due to a flaw in the user impersonation feature that relies on user-supplied input. The vulnerability was patched in version 1.1.2.
What Undercode Says:
This is a serious vulnerability that can be exploited by attackers to take control of your WordPress website.
If you are using the MultiManager WP plugin, update to version 1.1.2 immediately.
If you are not using the user impersonation feature, consider disabling it to reduce the attack surface.
Regularly update your WordPress plugins and themes to keep your website secure.
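An added example, not code from the advisory or the plugin: a Python audit helper that reads WordPress plugin headers under a plugins directory and classifies any MultiManager WP install against the versions stated above. It assumes the header's Plugin Name begins with "MultiManager WP"; the sample directory names and files are constructed, and versions between 1.0.5 and 1.1.2 are reported as unconfirmed because the advisory does not cover them.

```python
import re
import tempfile
from pathlib import Path

PATCHED = (1, 1, 2)        # fixed release named in the advisory
LAST_AFFECTED = (1, 0, 5)  # advisory: affected "up to 1.0.5"
NAME_PREFIX = "MultiManager WP"  # assumption: the header's Plugin Name starts this way

# Same line shape WordPress accepts for header fields (" * Version: 1.0.5").
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def parse_header(php_source):
    """Extract Plugin Name and Version from a plugin file's header comment."""
    fields = {}
    for key, value in HEADER.findall(php_source[:8192]):  # WordPress reads the first 8 KiB
        fields.setdefault(key.lower(), value)
    return fields

def version_tuple(text):
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def classify(version):
    v = version_tuple(version)
    if v >= PATCHED:
        return "patched"
    if v <= LAST_AFFECTED:
        return "vulnerable"
    return "unconfirmed"  # between 1.0.5 and 1.1.2 the advisory is silent: upgrade

def audit(plugins_dir):
    """Return (directory, version, status) for each matching plugin found."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        fields = parse_header(php.read_text(encoding="utf-8", errors="replace"))
        if fields.get("plugin name", "").startswith(NAME_PREFIX) and "version" in fields:
            findings.append((php.parent.name, fields["version"], classify(fields["version"])))
    return findings

def demo():
    """Audit a constructed plugins directory (directory names are placeholders)."""
    samples = {"site-a-copy": "1.0.5", "site-b-copy": "1.1.0", "site-c-copy": "1.1.2"}
    with tempfile.TemporaryDirectory() as root:
        for slug, ver in samples.items():
            (Path(root) / slug).mkdir()
            (Path(root) / slug / "main.php").write_text(
                f"<?php\n/**\n * Plugin Name: {NAME_PREFIX} (constructed sample)\n * Version: {ver}\n */\n",
                encoding="utf-8")
        return audit(root)

if __name__ == "__main__":
    for row in demo():
        print(*row)
```

On a real host, call audit() with the path to wp-content/plugins; any result other than "patched" should be upgraded to 1.1.2 or later.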
Additional Notes:
CVE-2024-11028 was discovered and reported by Wordfence.
The National Vulnerability Database (NVD) assigned a severity score of “critical” to this vulnerability.
References:
Reported By: Nvd.nist.gov