CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50486 – WordPress Acnoo Flutter API plugin <= 1.0.5 - Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2024-50486
Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass.This issue affects Acnoo Flutter API: from n/a through 1.0.5. The Acnoo Flutter API plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.5. This is due to the plugin not properly verifying a users identify prior to allowing them to access an account. This makes it possible for unauthenticated attackers to log in as other users, such as administrators. • https://patchstack.com/database/vulnerability/acnoo-flutter-api/wordpress-acnoo-flutter-api-plugin-1-0-5-account-takeover-vulnerability?_s_id=cve • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3095 – Incorrect parsing of the backslash characters in Dart library
https://notcve.org/view.php?id=CVE-2022-3095
The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '\' characters in URIs, which can lead to auth bypass in webapps interpreting URIs. We recommend updating Dart or Flutter to mitigate the issue. La implementación del análisis de barra invertida en la clase Dart URI para versiones anteriores a 2.18 y versiones de Flutter anteriores a 3.30 difiere de los estándares de URL de WhatWG. Dart utiliza la sintaxis RFC 3986, que crea incompatibilidades con los caracteres '\' en los URI, lo que puede provocar una omisión de autenticación en las aplicaciones web que interpretan los URI. • https://github.com/dart-lang/sdk/blob/master/CHANGELOG.md#2182---2022-09-28 • CWE-20: Improper Input Validation •