CVE-2024-5432

EPSS 0.66%
Veröffentlicht 20.06.2024 02:15:11
Zuletzt bearbeitet 08.04.2026 17:19:03
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Lifeline Donation <= 1.2.6 - Authentication Bypass

The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.6. This is due to insufficient verification on the user being supplied during the checkout through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.

Mögliche Gegenmaßnahme

Lifeline Donation: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Webinane ≫ Lifeline Donation SwPlatformwordpress Version <= 1.2.6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Lifeline Donation

Version *-1.2.6

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.66%	0.468

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

https://plugins.trac.wordpress.org/browser/lifeline-donation/trunk/includes/class-lifeline-donation.php?rev=2575844#L292

Product

https://plugins.trac.wordpress.org/browser/lifeline-donation/trunk/vendor/webinane/webinane-commerce/includes/Classes/Checkout.php?rev=2490935#L125

Product

https://www.wordfence.com/threat-intel/vulnerabilities/id/2e24da0c-13d2-4a3d-b918-0d28e3341d88?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/2e24da0c-13d2-4a3d-b918-0d28e3341d88

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-5432

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-5432

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-5432

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-5432