CVE-2024-49328

CRITICAL

Vivektamrakar WP Rest API Fns < 1.0.0 - Missing Authentication

Title source: rule

Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through <= 1.0.0.

Exploits (3)

nomisec WORKING POC 5 stars

by RandomRobbieBF · poc

https://github.com/RandomRobbieBF/CVE-2024-49328

View Code ZIP pw:eip

github WORKING POC

by Boshe99 · pythonpoc

https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2024-49328-exploit

View Code ZIP pw:eip

nomisec WORKING POC

by Nxploited · poc

https://github.com/Nxploited/CVE-2024-49328-exploit

View Code ZIP pw:eip

References (2)

[Vdb Entry] https://patchstack.com/database/Wordpress/Plugin/rest-api-fns/vulnerability/wordpress-wp-rest-api-fns-plugin-plugin-1-0-0-account-takeover-vulnerability?_s_id=cve

[Third Party Advisory] https://patchstack.com/database/vulnerability/rest-api-fns/wordpress-wp-rest-api-fns-plugin-plugin-1-0-0-account-takeover-vulnerability?_s_id=cve

Scores

CVSS v3 9.8

EPSS 0.4156

EPSS Percentile 97.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-288 CWE-306

Status published

Products (2)

vivek2tamrakar/WP REST API FNS < 1.0.0

vivektamrakar/wp_rest_api_fns < 1.0.0

Published Oct 20, 2024

Tracked Since Feb 18, 2026