The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users, such as administrators, provided they have access to an email.
CVE ID: CVE-2024-12287
CVSS Base Severity: CRITICAL
CVSS Base Score: 9.8
Vendor: Mikado-Themes
Product: Biagiotti Membership
EPSS Score: 0.09% (probability of being exploited)
EPSS Percentile: 40.72% (share of scored vulnerabilities with an EPSS score less than or equal to this one)
EPSS Date: 2025-02-04 (date this score was calculated)