
Critical Vulnerabilities affecting WordPress (CVE-2024-4544, CVE-2024-0867, CVE-2024-1974)

Advisory No: TZCERT/SA/2024/05/24-2

Date of First Release: 24th May 2024

Source: Wordfence

Software Affected: pie-register-social-site, email-log and ht-mega-for-elementor

Overview:

WordPress is affected by three critical vulnerabilities. Attackers can leverage them to take control of the affected system.

Description:

Three WordPress plugins, namely pie-register-social-site, email-log and ht-mega-for-elementor, are affected by the vulnerabilities tracked as CVE-2024-4544, CVE-2024-0867, and CVE-2024-1974 respectively. Reasons for the flaws include insufficient verification of the user supplied during a social login through the plugin and the absence of a capability check, among others. Attackers can exploit the vulnerabilities to gain access to the vulnerable system and to sensitive information.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to gain access to the vulnerable system.

Solution:

WordPress has released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.

References:

  1. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/pie-register-social-site/pie-register-social-sites-login-add-on-177-authentication-bypass
  2. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/email-log/email-log-248-unauthenticated-hook-injection
  3. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-246-authenticated-contributor-directory-traversal
