Rewterz

North Korean APT Kimsuky aka Black Banshee – Active IOCs

November 8, 2024
Rewterz

CVE-2024-5910 – Palo Alto Networks Expedition Vulnerability Exploit in the Wild

November 8, 2024

Multiple WordPress Plugins Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-10020 CVSS:8.1

The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they have access to the email and the user does not have an already-existing account for the service returning the token.

CVE-2024-10263 CVSS:7.3

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

CVE-2024-10114 CVSS:8.1

The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.

Impact

  • Code Execution
  • Gain Access

Indicators of Compromise

CVE

  • CVE-2024-10020
  • CVE-2024-10263
  • CVE-2024-10114

Affected Vendors

WordPress

Affected Products

  • Heateor Social Login WordPress - *
  • Tickera – WordPress Event Ticketing - *
  • WooCommerce - Social Login - *

Remediation

Upgrade to the latest version, available from the WordPress Plugin Directory.

CVE-2024-10020

CVE-2024-10263

CVE-2024-10114

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.