5.3
CVE-2024-6641
- EPSS 0.38%
- Veröffentlicht 18.09.2024 06:15:02
- Zuletzt bearbeitet 25.09.2024 19:07:40
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginWP Hardening – Fix Your WordPress Security <= 1.2.6 - Unauthenticated Security Feature Bypass to Username Enumeration
WP Hardening – Fix Your WordPress Security <= 1.2.6 - Unauthenticated Security Feature Bypass to Username Enumeration
The WP Hardening – Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular expression within the "Stop User Enumeration" feature. This makes it possible for unauthenticated attackers to bypass intended security restrictions and expose site usernames.
Mögliche Gegenmaßnahme
WP Hardening (discontinued): Update to version 1.2.7, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Getastra ≫ Wp Hardening SwPlatformwordpress Version < 1.2.7
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP Hardening (discontinued)
Version
*-1.2.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.299 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-185 Incorrect Regular Expression
The product specifies a regular expression in a way that causes data to be improperly matched or compared.
CWE-697 Incorrect Comparison
The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.
https://plugins.trac.wordpress.org/changeset/3151308/wp-security-hardening
https://www.wordfence.com/threat-intel/vulnerabilities/id/7a52a278-1729-4027-8a00-e9804fa6698b?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/7a52a278-1729-4027-8a00-e9804fa6698b