Dear WordPress users hosted by LWS, a critical vulnerability, identified under the code CVE-2024-9289, has been discovered in the WordPress & WooCommerce Affiliate Program plugin. This security flaw allows unauthenticated attackers to bypass authentication mechanisms and log in as any user, including as an administrator, if the attacker has access to the administrator's email address.
What is CVE-2024-9289?
Technical Description
The vulnerability lies in the plugin's rtwwwap_login_request_callback() function, which does not properly validate the user's identity before authenticating them to the site. This means that an attacker can exploit this flaw to bypass the standard login process.
Impact
Unauthorized Access: An attacker can log in to the site using the administrator's email address without providing the associated password.
Complete Site Control: Once logged in as an administrator, the attacker can perform malicious actions such as installing harmful plugins, modifying content or stealing sensitive data.
High Risk for eCommerce Sites: For sites using WooCommerce, this can lead to financial losses and damage to your business reputation.
Which Sites are Affected?
All WordPress sites using the WordPress & WooCommerce Affiliate Program plugin in versions up to and including 8.4.1 are vulnerable.
How to Know if Your Site is Affected?
Check the Plugin Version: Go to your WordPress dashboard, then to the Plugins section.
Search for the Plugin: Find WordPress & WooCommerce Affiliate Program and note the installed version.
Compare with Secure Version: If your version is 8.4.1 or lower, your site is vulnerable.
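The three steps above can be automated for sites you administer. The following script is an added example, not LWS's or the plugin's own code: it reads the standard WordPress plugin header ("Plugin Name:" / "Version:") from each plugin folder, looks for the affected plugin by name, and compares the installed version numerically against 8.4.1, the last vulnerable version stated above. The sample plugin folders it builds, the file names, and the version 8.4.2 used to stand for "any newer release" are constructed for illustration.

```python
"""
Added example (not LWS's or the plugin's code): scan a WordPress
wp-content/plugins directory for the WordPress & WooCommerce Affiliate
Program plugin and decide, from the plugin header, whether the installed
version falls in the vulnerable range (<= 8.4.1 per the advisory).
The sample folders and version numbers built below are constructed.
"""
import os
import re
import tempfile
from typing import Dict, List, Tuple

# Plugin name exactly as it appears in the "Plugin Name:" header line.
AFFECTED_PLUGIN_NAME = "WordPress & WooCommerce Affiliate Program"
# Highest vulnerable version given in the advisory.
LAST_VULNERABLE_VERSION = "8.4.1"

# Matches "Plugin Name: ..." or "Version: ..." lines inside the header
# comment, with or without a leading " * " decoration.
HEADER_RE = re.compile(r"^\s*\*?\s*(Plugin Name|Version):\s*(.+?)\s*$", re.M)


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '8.4.1' into (8, 4, 1) so comparison is numeric, not lexical
    ('8.4.10' must sort above '8.4.9', which a string compare gets wrong)."""
    parts = []
    for piece in v.strip().split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def is_vulnerable_version(version: str, last_bad: str = LAST_VULNERABLE_VERSION) -> bool:
    """True when version <= last_bad; shorter tuples are zero-padded so
    '8.4' compares as '8.4.0'."""
    a, b = parse_version(version), parse_version(last_bad)
    n = max(len(a), len(b))
    a += (0,) * (n - len(a))
    b += (0,) * (n - len(b))
    return a <= b


def read_plugin_header(php_source: str) -> Dict[str, str]:
    """Extract 'Plugin Name' and 'Version' from a WordPress plugin header comment."""
    return {key: value for key, value in HEADER_RE.findall(php_source)}


def scan_plugins_dir(plugins_dir: str) -> List[dict]:
    """Walk each plugin folder, read the header of its .php files and report
    every install of the affected plugin together with a verdict."""
    findings = []
    for folder in sorted(os.listdir(plugins_dir)):
        path = os.path.join(plugins_dir, folder)
        if not os.path.isdir(path):
            continue
        for fname in sorted(os.listdir(path)):
            if not fname.endswith(".php"):
                continue
            with open(os.path.join(path, fname), encoding="utf-8", errors="replace") as fh:
                header = read_plugin_header(fh.read(8192))  # header sits at the top of the file
            if header.get("Plugin Name") == AFFECTED_PLUGIN_NAME and "Version" in header:
                findings.append({
                    "folder": folder,
                    "version": header["Version"],
                    "vulnerable": is_vulnerable_version(header["Version"]),
                })
                break
    return findings


def build_sample_plugins_dir() -> str:
    """Create a throwaway plugins directory with constructed sample plugins
    (not the real plugin's files) so the scanner can be exercised offline.
    8.4.2 here only stands for 'a release newer than 8.4.1' (assumption)."""
    root = tempfile.mkdtemp(prefix="wp-plugins-sample-")
    samples = {
        "affiliate-program-old-sample": (AFFECTED_PLUGIN_NAME, "8.4.1"),
        "affiliate-program-updated-sample": (AFFECTED_PLUGIN_NAME, "8.4.2"),
        "unrelated-plugin-sample": ("Some Other Plugin", "1.0.0"),
    }
    for folder, (name, version) in samples.items():
        os.makedirs(os.path.join(root, folder))
        with open(os.path.join(root, folder, "plugin.php"), "w", encoding="utf-8") as fh:
            fh.write(f"<?php\n/**\n * Plugin Name: {name}\n * Version: {version}\n */\n")
    return root


if __name__ == "__main__":
    # Point scan_plugins_dir() at a real wp-content/plugins path to check a live site.
    for finding in scan_plugins_dir(build_sample_plugins_dir()):
        status = "VULNERABLE - update now" if finding["vulnerable"] else "ok"
        print(f"{finding['folder']}: {finding['version']} -> {status}")
```

The header comment the script parses is the same source the dashboard's Plugins page shows, so the result matches what you would see by hand; the numeric comparison matters because a later patch release such as 8.4.10 would otherwise compare as "lower" than 8.4.9 in a plain string comparison.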
Immediate Actions to Take
1. Update the Plugin
Check for Available Updates: If a version newer than 8.4.1 is available, update immediately.
How to do it: Go to Extensions > Installed Extensions (Plugins > Installed Plugins in an English-language dashboard).
Click Update under the relevant plugin.
2. Change Administrator Passwords
Strengthen Security: Change your administrator password to a complex password.
Use a Password Manager: This makes it easier to create and manage secure passwords.