How severe is CVE-2024-12432?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2024-12432?

This is classified as CWE-330, which is a common weakness in software security.

CVE-2024-12432 - HIGH Severity | CVSS 8.1

Vulnerability Description

The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the 'generate_key' function not producing a sufficiently random value. This makes it possible for authenticated attackers, with Subscriber-level access and above, to log in as site administrators, granted they have triggered the ajax_login() function which generates a unique key that can be used to log in.

Related Vulnerabilities

CVE-2022-31034

HIGH

CVSS:8.1(High)

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the A...

CWE-3302022

CVE-2019-11219

HIGH

CVSS:8.2(High)

The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connecti...

CWE-3302019

CVE-2024-35292

HIGH

CVSS:8.2(High)

A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR...

CWE-3302024

CVE-2017-15654

HIGH

CVSS:8.3(High)

Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.

CWE-3302017

CVE-2018-15807

HIGH

CVSS:7.8(High)

POSIM EVO 15.13 for Windows includes an "Emergency Override" administrative account that may be accessed through POSIM's "override" feature. This Override prompt expects a code that is computed locall...

CWE-3302018

CVE-2020-0644

HIGH

CVSS:7.8(High)

An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-20...

CWE-3302020