cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9863,https://securityvulnerability.io/vulnerability/CVE-2024-9863,Unsafe Default Values Put Admin User Creation at Risk,"The UserPro plugin for WordPress presents a vulnerability that allows attackers to escalate privileges due to an insecure default setting for the 'default_user_role' option. Versions up to and including 3.6.0 enable unauthenticated users to manipulate the registration process, potentially granting themselves administrator access despite the registration form being disabled. This flaw poses a significant risk for WordPress sites utilizing this plugin, calling for immediate attention for those using affected versions.",Wordpress,Miniorange Otp Verification With Firebase,9.8,CRITICAL,0.0006300000241026282,false,,false,false,false,,false,false,2024-10-17T02:06:05.842Z,0
CVE-2024-9862,https://securityvulnerability.io/vulnerability/CVE-2024-9862,Unauthenticated Attackers Can Change Admin Passwords via Plugin Vulnerability,"The MiniOrange OTP Verification with Firebase plugin for WordPress contains a vulnerability that allows for arbitrary user password changes. In versions up to and including 3.6.0, the plugin fails to adequately restrict user access to system resources, permitting unauthorized users to bypass essential authorization checks. This issue arises from the absence of a verification step for the user's current password, opening the door for unauthenticated attackers to alter the passwords of existing accounts, including those of administrators, thereby posing significant risks to system security and user data integrity.",Wordpress,Miniorange Otp Verification With Firebase,9.8,CRITICAL,0.0006300000241026282,false,,false,false,false,,false,false,2024-10-17T02:06:03.451Z,0
CVE-2024-9861,https://securityvulnerability.io/vulnerability/CVE-2024-9861,Unauthorized Logins via OTP Validation Bypass,"The Miniorange OTP Verification with Firebase plugin for WordPress is susceptible to an authentication bypass issue present in versions up to and including 3.6.0. This vulnerability arises from inadequate validation of the token supplied during the one-time password (OTP) login process. As a result, attackers lacking valid credentials can exploit this weakness to gain unauthorized access to accounts, potentially including administrative privileges, by simply knowing the associated phone number of a targeted user.",Wordpress,Miniorange Otp Verification With Firebase,8.1,HIGH,0.0006699999794363976,false,,false,false,false,,false,false,2024-10-17T02:05:57.541Z,0