How severe is CVE-2024-9522?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2024-9522?

This is classified as CWE-288, which is a common weakness in software security.

CVE-2024-9522 - HIGH Severity | CVSS 8.8

Vulnerability Description

The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. This is due to incorrect authentication and capability checking in the 'ajax_masq_login' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator.

Related Vulnerabilities

CVE-2016-9497

HIGH

CVSS:8.8(High)

Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible ...

CWE-2882016

CVE-2019-13526

HIGH

CVSS:8.8(High)

Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code.

CWE-2882019

CVE-2019-5486

HIGH

CVSS:8.8(High)

A authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed ...

CWE-2882019

CVE-2020-15633

HIGH

CVSS:8.8(High)

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is no...

CWE-2882020

CVE-2020-27865

HIGH

CVSS:8.8(High)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to e...

CWE-2882020

CVE-2020-27866

HIGH

CVSS:8.8(High)

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, ...

CWE-2882020