cleantalk
Vulnerabilities and Security Researches

Webo-facto, CVE-2024-8853

CVE, Research URL

CVE-2024-8853

Home page URL

Security reports for Webo-facto

Application

Webo-facto

Published on
Sep 20, 2024
Research Description
The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on the 'doSsoAuthentification' function. This makes it possible for unauthenticated attackers to make themselves administrators by registering with a username that contains '-wfuser'.
Affected versions
Min -, max 1.41.
Status
vulnerable
Previous vulnerability researches
Webo-facto (CVE-2024-8853) , Sep 21, 2024
New vulnerability
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light (CVE-2025-48123) , Jun 04, 2025
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light (CVE-2025-48129) , Jun 04, 2025
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light (CVE-2025-48124) , Jun 04, 2025
Best Contact Management Software for WordPress (CVE-2025-5539) , Jun 04, 2025
Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin (CVE-2025-47585) , Jun 04, 2025