CVE-2024-49328

CRITICAL

Vivektamrakar WP Rest API Fns < 1.0.0 - Missing Authentication

Title source: rule

Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST API FNS allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through 1.0.0.

Exploits (3)

nomisec WORKING POC 5 stars

by RandomRobbieBF · poc

https://github.com/RandomRobbieBF/CVE-2024-49328

View Code ZIP pw:eip

github WORKING POC

by Boshe99 · pythonpoc

https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2024-49328-exploit

View Code ZIP pw:eip

nomisec WORKING POC

by Nxploited · poc

https://github.com/Nxploited/CVE-2024-49328-exploit

View Code ZIP pw:eip

References (1)

[Third Party Advisory] https://patchstack.com/database/vulnerability/rest-api-fns/wordpress-wp-rest-api-fns-plugin-plugin-1-0-0-account-takeover-vulnerability?_s_id=cve

Scores

CVSS v3 9.8

EPSS 0.4806

EPSS Percentile 97.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-306 CWE-288

Status published

Affected Products (1)

vivektamrakar/wp_rest_api_fns < 1.0.0

Timeline

Published Oct 20, 2024

Tracked Since Feb 18, 2026