CVE-2024-11197

MEDIUM Year: 2024
CVSS v3 Score
4.2
Medium
Weakness Type
CWE-693
View all →

Vulnerability Description

The Lock User Account plugin for WordPress is vulnerable to user lock bypass in all versions up to, and including, 1.0.5. This is due to permitting application password logins when user accounts are locked. This makes it possible for authenticated attackers, with existing application passwords, to interact with the vulnerable site via an API such as XML-RPC or REST despite their account being locked.

Related Vulnerabilities

CVE-2019-12938

MEDIUM
CVSS:4.3(Medium)

The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via...

CWE-6932019

CVE-2021-1517

MEDIUM
CVSS:4.3(Medium)

A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to bypass security protections. This vulnerabilit...

CWE-6932021

CVE-2021-31608

MEDIUM
CVSS:4.3(Medium)

Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control.

CWE-6932021

CVE-2022-43432

MEDIUM
CVSS:4.3(Medium)

Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers f...

CWE-6932022

CVE-2022-43433

MEDIUM
CVSS:4.3(Medium)

Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for do...

CWE-6932022

CVE-2023-0141

MEDIUM
CVSS:4.3(Medium)

Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

CWE-6932023