We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on the 'doSsoAuthentification' function. This makes it possible for unauthenticated attackers to make themselves administrators by registering with a username that contains '-wfuser'.
Reserved 2024-09-13 | Published 2024-09-20 | Updated 2024-09-20 | Assigner WordfenceCWE-269 Improper Privilege Management
2024-09-13: | Discovered |
2024-09-13: | Vendor Notified |
2024-09-17: | Disclosed |
István Márton
www.wordfence.com/...-9ce8-47fc-8fd3-6af80015dea9?source=cve
plugins.trac.wordpress.org/...or/tags/1.40/WeboFacto/Sso.php
plugins.trac.wordpress.org/...t/3153062/webo-facto-connector
Support options