Imechapishwa: May 27, 2024 05:24
Advisory No: TZCERT/SA/2024/05/24-2
Source: Wordfence
Software Affected: pie-register-social-site, email-log and ht-mega-for-elementor,
Advisory No: TZCERT/SA/2024/05/24-2
Date of First Release: 24th May 2024
Source: Wordfence
Software Affected: pie-register-social-site, email-log and ht-mega-for-elementor,
Overview:
WordPress is vulnerable to three critical vulnerabilities. The attackers can leverage the vulnerabilities to take control of the affected system.
Description:
Three WordPress plugins namely pie-register-social-site, email-log and ht-mega-for-elementor as affected by the vulnerabilities tracked as CVE-2024-4544, CVE-2024-0867, and CVE-2024-1974 respectively. Reasons for the flaws include insufficient verification on the user being supplied during a social login through the plugin, and the absence of a capability check among others. The attackers can exploit the vulnerabilities to gain access to the vulnerable system and access to sensitive information.
Impact:
Successful exploitation of these vulnerabilities may allow an attacker to gain access to the vulnerable system
Solution:
WordPress has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.
References:
A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.