← Back

CVE-2024-5149

nvd nist
Published: Jun 5, 2024Modified: Apr 8, 2026

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.

Affected (1)

Themekraft
1 product
Buddyforms
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Buddyforms
Up to 2.8.9

Related CWEs

CWE-330
Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

References (5)

Source: security@wordfence.com
Product
Source: security@wordfence.com
Source: security@wordfence.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.