Ce21 Suite vulnerabilities
4 known vulnerabilities affecting ce21/ce21_suite.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2
Vulnerabilities
Page 1 of 1
CVE-2024-10284P2CRITICALCVSS 9.8fixed in 2.2.12024-11-09
CVE-2024-10284 [CRITICAL] CWE-288 CVE-2024-10284: The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and in
The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to t
nvd
CVE-2024-54293P3CRITICALCVSS 9.8≤ 2.2.02024-12-13
CVE-2024-54293 [CRITICAL] CWE-266 CVE-2024-54293: Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite ce21-suite allows Privilege Escalati
Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite ce21-suite allows Privilege Escalation.This issue affects CE21 Suite: from n/a through <= 2.2.0.
nvd
CVE-2024-10294P3HIGHCVSS 7.5≤ 2.2.02024-11-09
CVE-2024-10294 [HIGH] CWE-862 CVE-2024-10294: The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a miss
The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to change plugin settings.
nvd
CVE-2024-10285P3HIGHCVSS 7.5≤ 2.2.02024-11-09
CVE-2024-10285 [HIGH] CWE-200 CVE-2024-10285: The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin
The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to log in the user associated with the JWT token.
nvd