Vulnerabilities and security researches forwebo-facto-connector webo-facto-connector

Sep 21, 2024

CVE, Research URL: CVE-2024-8853
Home page URL: Security reports for Webo-facto
Application: Webo-facto
Date: Sep 20, 2024
Research Description: The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on the 'doSsoAuthentification' function. This makes it possible for unauthenticated attackers to make themselves administrators by registering with a username that contains '-wfuser'.
Affected versions: Min -, max -.
Status: vulnerable