CVE-2024-50483 – WordPress Meetup plugin <= 0.1 - Broken Authentication vulnerability

https://notcve.org/view.php?id=CVE-2024-50483

25 Oct 2024 — Authorization Bypass Through User-Controlled Key vulnerability in Meetup allows Privilege Escalation.This issue affects Meetup: from n/a through 0.1. The Meetup plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them via the facebook_register() function. This makes it possible for unauthenticated attackers to log in as any user, granted they know their email address.... • https://github.com/RandomRobbieBF/CVE-2024-50483 • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-639: Authorization Bypass Through User-Controlled Key •