CVE-2024-6637

HIGH Year: 2024
CVSS v3 Score
7.3
High
Weakness Type
CWE-305
View all →

Vulnerability Description

The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to, and including, 2.7.3. This is due to a lack of brute force controls on a weak one-time password. This makes it possible for unauthenticated attackers to brute force the one-time password for any user, except an Administrator, if they know the email of user.

Related Vulnerabilities

CVE-2020-14359

HIGH
CVSS:7.3(High)

A vulnerability was found in all versions of Keycloak Gatekeeper, where on using lower case HTTP headers (via cURL) an attacker can bypass our Gatekeeper. Lower case headers are also accepted by some ...

CWE-3052020

CVE-2024-34077

HIGH
CVSS:7.3(High)

MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and takeov...

CWE-3052024

CVE-2022-4722

HIGH
CVSS:7.2(High)

Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5.

CWE-3052022

CVE-2021-3547

HIGH
CVSS:7.4(High)

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in th...

CWE-3052021

CVE-2024-20015

HIGH
CVSS:7.4(High)

In telephony, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...

CWE-3052024

CVE-2020-11012

HIGH
CVSS:7.5(High)

MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating n...

CWE-3052020