Is CVE-2024-9488 actively exploited?

CVE-2024-9488 has no public evidence of in-the-wild exploitation as of 2024-11-06.

What is the CVSS score for CVE-2024-9488?

CVE-2024-9488 has a CVSS score of 9.8 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2024-9488?

Patch guidance is available from gvectors security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2024-9488.

Fix CVE-2024-9488 - CRITICAL gvectors wpdiscuz

Description

The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-288NVD-CWE-Other

Metadata

Primary Vendor: GVECTORS
Published: 10/25/2024
Last Modified: 11/6/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2024-9488

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary