CVE-2024-6641
Sept. 25, 2024, 7:07 p.m.
Tags
CVSS Score
Products Impacted
| Vendor | Product | Versions |
|---|---|---|
| getastra |
|
|
Description
The WP Hardening – Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular expression within the "Stop User Enumeration" feature. This makes it possible for unauthenticated attackers to bypass intended security restrictions and expose site usernames.
Weaknesses
CWE-185
Incorrect Regular Expression
The product specifies a regular expression in a way that causes data to be improperly matched or compared.
CWE ID: 185CWE-697
Incorrect Comparison
The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.
CWE ID: 697Date
Published: Sept. 18, 2024, 6:15 a.m.
Last Modified: Sept. 25, 2024, 7:07 p.m.
Status : Analyzed
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
security@wordfence.com
CPEs
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| a | getastra | wp_hardening | / | / | / | / | / | wordpress | / | / |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
Base Score
Exploitability Score
Impact Score
Base Severity
MEDIUMCVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
View Vector StringCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N