ThreatPress

WordPress Vulnerabilities Database

Back

WordPress MemberSonic Lite Plugin <= 1.2 - Authentication BYPASS

Product
MemberSonic Lite
Description
Because of this vulnerability, an unauthorized user can login to any account by knowing the email address, which is associated with the account.
Solution
Update the plugin.
Classification
Type BYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
References
Pritect
CVE
Name CVE-N/A
Versions
Affected In <= 1.2
Fixed In 1.302
Disclosure date
2016-06-28
Credits
James Golovich