cleantalk
Vulnerabilities and Security Researches

Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition, CVE-2025-6441

CVE, Research URL

CVE-2025-6441

Home page URL

Security reports for Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition

Application

Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition

Published on
Jul 24, 2025
Research Description
The Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to unauthenticated login token generation due to a missing capability check on the `webinarignition_sign_in_support_staff` and `webinarignition_register_support` functions in all versions up to, and including, 4.03.31. This makes it possible for unauthenticated attackers to generate login tokens for arbitrary WordPress users under certain circumstances, issuing authorization cookies which can lead to authentication bypass.
Affected versions
Min -, max 4.03.31.
Status
vulnerable
Previous vulnerability researches
WP Applink (CVE-2025-6385) , Jul 25, 2025
New vulnerability
Frontend File Manager Plugin (CVE-2023-7306) , Jul 27, 2025
Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition (CVE-2025-6441) , Jul 27, 2025
Timber (CVE-2024-45411) , Jul 27, 2025
Advanced iFrame (CVE-2025-6987) , Jul 27, 2025
ReachShip WooCommerce Multi-Carrier & Conditional Shipping (CVE-2025-53213) , Jul 27, 2025