CVE-2024-10114

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Nov 5, 2024

Updated: Nov 7, 2024

CWE ID 287

Summary

CVE-2024-10114 is a critical vulnerability affecting the WooCommerce - Social Login plugin for WordPress. In versions up to and including 2.7.7, there is an authentication bypass issue. An attacker can exploit this vulnerability by providing a social login token without proper verification, allowing them to log in as any existing user on the site, potentially gaining administrative access. This poses a significant risk to WordPress sites using the affected plugin, as unauthenticated users could take control of administrator accounts.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/zmPZsU
https://www.cve.org/CVERecord?id=CVE-2024-10114
https://nvd.nist.gov/vuln/detail/CVE-2024-10114

Back to Vulnerability Database

CVE-2024-10114

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations