Odude Crypto Tool vulnerabilities

5 known vulnerabilities affecting odude/crypto_tool.

Total CVEs: 5
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 2

Vulnerabilities

CVE-2024-9989 | P1 | CRITICAL | CVSS 9.8 | PoC | ≤ 2.15 | 2024-10-29
CWE-288: The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.18. This is due to a limited arbitrary method call to 'crypto_connect_ajax_process::log_in' function in the 'crypto_connect_ajax_process' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site,
Source: nvd

CVE-2024-9988 | P2 | CRITICAL | CVSS 9.8 | ≤ 2.15 | 2024-10-29
CWE-288: The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.19. This is due to missing validation on the user being supplied in the 'crypto_connect_ajax_process::register' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator,
Source: nvd

CVE-2024-9990 | P3 | HIGH | CVSS 8.8 | ≤ 2.16 | 2024-10-29
CWE-352: The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. This is due to missing nonce validation in the 'crypto_connect_ajax_process::check' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator via a forged request gr
Source: nvd

CVE-2025-11986 | P4 | MEDIUM | CVSS 5.3 | ≤ 2.22 | 2025-11-11
CWE-306: The Crypto plugin for WordPress is vulnerable to Information exposure in all versions up to, and including, 2.22. This is due to the plugin registering an unauthenticated AJAX action (wp_ajax_nopriv_crypto_connect_ajax_process) that allows calling the register and savenft methods with only a publicly-available nonce check and no wallet signature ver
Source: nvd

CVE-2025-11988 | P4 | MEDIUM | CVSS 5.3 | ≤ 2.22 | 2025-11-11
CWE-862: The Crypto plugin for WordPress is vulnerable to unauthorized manipulation of data in all versions up to, and including, 2.22. This is due to the plugin registering an unauthenticated AJAX action (wp_ajax_nopriv_crypto_connect_ajax_process) that allows calling the crypto_delete_json method with only a publicly-available nonce check. This makes it po
Source: nvd