CVE-2024-54294 – WordPress Firebase OTP Authentication plugin <= 1.0.1 - Account Takeover vulnerability

https://notcve.org/view.php?id=CVE-2024-54294

11 Dec 2024 — Authentication Bypass Using an Alternate Path or Channel vulnerability in appgenixinfotech Firebase OTP Authentication allows Authentication Bypass.This issue affects Firebase OTP Authentication: from n/a through 1.0.1. The Firebase OTP Authentication plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to elevate their privilege level and gain access to administrator accounts. • https://patchstack.com/database/wordpress/plugin/authentication-via-otp-using-firebase/vulnerability/wordpress-firebase-otp-authentication-plugin-1-0-1-account-takeover-vulnerability?_s_id=cve • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-862: Missing Authorization •