CVE-2025-1638
The Alloggio Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity through the alloggio_membership_init_rest_api_facebook_login and alloggio_membership_init_rest_api_google_login functions. This makes it possible for unauthenticated attackers to log in as any user, including administrators, without knowing a password.
Vendor
-
Product
-
CWE
Yayın Tarihi
2025-03-01 08:15:34
Güncelleme
2025-03-01 08:15:34
Source Identifier
security@wordfence.com
KEV Date Added
-