Description
The Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to unauthenticated login token generation due to a missing capability check on the `webinarignition_sign_in_support_staff` and `webinarignition_register_support` functions in all versions up to, and including, 4.03.32. This makes it possible for unauthenticated attackers to generate login tokens for arbitrary WordPress users under certain circumstances, issuing authorization cookies which can lead to authentication bypass.
References (7)
Core 7
Scores
CVSS v3
9.8
EPSS
0.0098
EPSS Percentile
57.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-862
Status
published
Products (2)
tobias_conrad/Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition
< 4.03.31
tobias_conrad/WebinarIgnition – Live, Automated & Evergreen Webinars for WooCommerce
< 4.03.32
Published
Jul 24, 2025
Tracked Since
Feb 18, 2026