CVE-2024-5149

medium

Description

The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/a5c8d361-698b-4abd-bcdd-0361d3fd10c5?source=cve

https://plugins.trac.wordpress.org/browser/buddyforms/tags/2.8.9/includes/wp-insert-user.php#L334

Details

Source: Mitre, NVD

Published: 2024-06-05

Updated: 2024-06-06

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N