2024-10-29 16:31:30
Wordfence
PUBLISHED
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due a to limited arbitrary method call to crypto_connect_ajax_process::log_in function in the crypto_connect_ajax_process function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.