CVE-2024-8943
Published 2024-10-08
Priority: P183 · critical · 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 2.99% (85.7th percentile)
The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12. This is due to insufficient verification on the user being supplied during the booking customer step. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. Note that logging in as a WordPress user is only possible if the "Use WordPress users as customers" setting is enabled, which is disabled by default. The vulnerability is partially patched in version 5.0.12 and fully patched in version 5.0.13.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| latepoint | latepoint | < 5.0.13 | 5.0.13 |
| latepoint | latepoint_plugin | <= 5.0.12 | — |
Detection & IOCs (extracted from sources)
- A successful authentication bypass will result in a Set-Cookie header containing 'wordpress_logged_in_' in the response to the exploit POST request, indicating the attacker has been logged in as the targeted user.
- Attackers will first enumerate WordPress user IDs via the REST API endpoints /wp-json/wp/v2/users or /?rest_route=/wp/v2/users before launching the authentication bypass. Monitor for unauthenticated access to these endpoints followed by POST requests to admin-ajax.php.
- A JSON response body containing '"status":"success"' from /wp-admin/admin-ajax.php in response to a latepoint_route_call action indicates a successful bypass.
- The authentication bypass to WordPress user accounts is only exploitable when the 'Use WordPress users as customers' setting is enabled in the LatePoint plugin. This setting is DISABLED by default, significantly limiting the attack surface in default installations.
- The attacker must have prior knowledge of or be able to enumerate a valid WordPress user ID. The REST API user enumeration endpoints (/wp-json/wp/v2/users) are commonly used as a prerequisite step. Disabling user enumeration via the REST API can reduce exploitability.
- Version 5.0.12 is only a partial patch; the vulnerability is fully remediated only in version 5.0.13. Detection rules should flag both 5.0.12 and earlier versions as vulnerable.
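
The monitoring advice above (user enumeration followed by a POST to admin-ajax.php, plus flagging 5.0.12 and earlier) can be sketched as a log correlator. This is an added example, not part of the original page or of any indexed rule; it assumes Apache/nginx "combined" access logs, a 10-minute correlation window, and the helper names `correlate` and `is_vulnerable`, and the log lines are constructed.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [09/Oct/2024:10:00:01 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.7 - - [09/Oct/2024:10:00:09 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 87 "-" "curl/8.0"
198.51.100.4 - - [09/Oct/2024:10:01:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 40 "-" "Mozilla/5.0"
192.0.2.9 - - [09/Oct/2024:10:02:00 +0000] "GET /?rest_route=%2Fwp%2Fv2%2Fusers HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.9 - - [09/Oct/2024:11:30:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 40 "-" "Mozilla/5.0"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
ENUM = re.compile(r'^/wp-json/wp/v2/users|^/\?rest_route=/wp/v2/users')
AJAX = re.compile(r'^/wp-admin/admin-ajax\.php')

def correlate(log_text, window=timedelta(minutes=10)):
    """Return (ip, enum_time, post_time) for each admin-ajax.php POST that
    follows a user-enumeration request from the same client within `window`.
    Access logs carry neither the POST body nor response headers, so a hit is
    a lead: confirm the latepoint_route_call action and the Set-Cookie
    'wordpress_logged_in_' response in WAF or proxy logs."""
    last_enum, hits = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, ts, method, path, _status = m.groups()
        path = unquote(path)  # normalise %2F-encoded rest_route values
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if method == "GET" and ENUM.match(path):
            last_enum[ip] = when
        elif method == "POST" and AJAX.match(path) and ip in last_enum:
            if when - last_enum[ip] <= window:
                hits.append((ip, last_enum[ip], when))
    return hits

def is_vulnerable(version):
    """5.0.12 is only partially patched, so everything below 5.0.13 is flagged.
    Assumes a plain dotted numeric version string."""
    return tuple(int(p) for p in version.split(".")) < (5, 0, 13)

if __name__ == "__main__":
    for ip, enum_at, post_at in correlate(SAMPLE_LOG):
        print(f"{ip}: enumeration at {enum_at}, admin-ajax POST at {post_at}")
```
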
CVSS provenance
- nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- vulncheck · 9.8 CRITICAL
GHSA
GHSA-jwc3-mm8j-j745
ghsa_unreviewed · 2024-10-08
CVE-2024-8943 [CRITICAL] CWE-288
VulnCheck
latepoint latepoint Authentication Bypass Using an Alternate Path or Channel
vulncheck·2024·CVSS 9.8
Affected: latepoint latepoint
Required Action: Apply remediations or mitigations per vendor instruc
No detection rules found.
Nuclei
LatePoint <= 5.0.12 - Authentication Bypass
nuclei·CVSS 9.8
LatePoint plugin for WordPress versions up to 5.0.12 contains an authentication bypass caused by insufficient verification of the user during booking, letting unauthenticated attackers log in as any existing user if they have access to the user ID. Exploitation requires access to the user ID and the 'Use WordPress users as customers' setting to be enabled.
Template:
```yaml
id: CVE-2024-8943
info:
  name: LatePoint <= 5.0.12 - Authentication Bypass
  author: daffainfo
  severity: critical
  description: |
    LatePoint plugin for WordPress versions up to 5.0.12 contains an authentication bypass caused by insufficient verification of user during booking, letting unauthenticated attackers log in as any existing user if they have user ID access, exploit requires access to user ID, and the
```
No writeups or analysis indexed.
2024-10-08: Published
Exploited in the wild