CVE-2024-9104

MEDIUM Year: 2024
CVSS v3 Score
5.6
Medium
Weakness Type
CWE-703
View all →

Vulnerability Description

The UltimateAI plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.3. This is due to the improper empty value check and a missing default activated value check in the 'ultimate_ai_change_pass' function. This makes it possible for unauthenticated attackers to reset the password of the first user, whose account is not yet activated or the first user who activated their account, who are subscribers.

Related Vulnerabilities

CVE-2023-21026

MEDIUM
CVSS:5.5(Medium)

In updateInputChannel of WindowManagerService.java, there is a possible way to set a touchable region beyond its own SurfaceControl due to a logic error in the code. This could lead to local denial of...

CWE-7032023

CVE-2023-21036

MEDIUM
CVSS:5.5(Medium)

In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code.Product: AndroidVersions: Android kernelAndroid ID: A-264261868References: N/A

CWE-7032023

CVE-2023-39136

MEDIUM
CVSS:5.5(Medium)

An unhandled edge case in the component _sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service (DoS) via a crafted zip file.

CWE-7032023

CVE-2024-0092

MEDIUM
CVSS:5.5(Medium)

NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service.

CWE-7032024

CVE-2024-25741

MEDIUM
CVSS:5.5(Medium)

printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspeci...

CWE-7032024

CVE-2021-25425

MEDIUM
CVSS:5.3(Medium)

Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component.

CWE-7032021