CVE-2024-7027

HIGH Year: 2024
CVSS v3 Score
7.3
High
Weakness Type
CWE-288
View all →

Vulnerability Description

The WooCommerce - PDF Vouchers plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.9.3. This is due to insufficient verification on the user being supplied during a QR code login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing Voucher Vendor user on the site, if they have access to the user id.

Related Vulnerabilities

CVE-2024-6635

HIGH
CVSS:7.3(High)

The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.3. This is due to insufficient controls in the 'woo_slg_login_email' fu...

CWE-2882024

CVE-2025-47244

HIGH
CVSS:7.3(High)

Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C# reflection layer, as demonstrated by causing a denial of service (when an attacker executes a loop...

CWE-2882025

CVE-2019-5473

HIGH
CVSS:7.2(High)

An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4.

CWE-2882019

CVE-2022-1681

HIGH
CVSS:7.2(High)

Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions

CWE-2882022

CVE-2025-39535

HIGH
CVSS:7.2(High)

Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos allows Authentication Abuse. This issue affects Vitepos: from n/a through 3.1.7.

CWE-2882025

CVE-2025-47941

HIGH
CVSS:7.2(High)

TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, the multifactor authentication (MFA) dial...

CWE-2882025