WordPress Login Me Now Plugin Authentication Bypass Vulnerability

Vulnerability

An authentication bypass vulnerability has been identified in the Login Me Now plugin for WordPress, affecting all versions up to and including 1.7.2. The issue arises from insecure authentication in the 'AutoLogin::listen()' function, which relies on an arbitrary, request-supplied transient name. This allows unauthenticated attackers to log in as existing users, including administrators, on the site. Note that exploitation requires a transient name and value created by another piece of software, so the plugin is not exploitable on its own.

Impact

Exploitation of this vulnerability allows for authentication bypass, enabling unauthorized users to log in as existing users, potentially including administrators.

Reproduction

To reproduce this vulnerability, an attacker sends a request to the WordPress site whose 'lmn' parameter carries a transient name and value obtained from another piece of software. The 'AutoLogin::listen()' function processes the request, bypasses authentication, and logs in the user associated with the transient value.
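The following is an added illustration of the pattern described in the Vulnerability and Reproduction sections; it is not the Login Me Now plugin's own code, and the function and constant names (hypo_autologin_*, HYPO_AUTOLOGIN_PREFIX) are hypothetical. The weak listener lets the request choose the transient name directly, so any transient whose value is a user ID becomes a login token. The hardened listener accepts only an opaque random token, derives the transient name server-side under a plugin-owned prefix, enforces a strict format and expiry, and makes each token single-use. It assumes WordPress core functions are loaded.

```php
<?php
// Added illustration, not the plugin's code. Assumes WordPress core is loaded.

// WEAK PATTERN (illustrative): the request supplies the transient *name* itself,
// so any transient set by any other software whose value is a numeric user ID
// acts as a valid login token for that user.
function weak_autologin_listen() {
    if ( empty( $_GET['lmn'] ) ) {
        return;
    }
    $user_id = get_transient( $_GET['lmn'] ); // lookup key is attacker-controlled
    if ( $user_id ) {
        wp_set_current_user( (int) $user_id );
        wp_set_auth_cookie( (int) $user_id );
    }
}

// HARDENED PATTERN (illustrative): the request carries only an opaque token; the
// transient name is built server-side under a fixed, plugin-owned prefix, so
// transients created by other software can never be reached through this path.
const HYPO_AUTOLOGIN_PREFIX = 'hypo_autologin_'; // hypothetical prefix
const HYPO_TOKEN_BYTES      = 32;

// Issuing side: store a record under the hash of a random token, with a short
// lifetime. Returns the raw token to embed in the one-time login link.
function hypo_autologin_issue( int $user_id, int $ttl = 300 ): string {
    $token = bin2hex( random_bytes( HYPO_TOKEN_BYTES ) );
    $key   = HYPO_AUTOLOGIN_PREFIX . hash( 'sha256', $token );
    set_transient( $key, [ 'user_id' => $user_id, 'issued' => time() ], $ttl );
    return $token;
}

// Consuming side: validate format, derive the key, consume the token once.
function hypo_autologin_listen() {
    if ( empty( $_GET['lmn'] ) ) {
        return;
    }
    $token = (string) $_GET['lmn'];
    // Strict format check: exactly the hex length we issue, nothing else.
    if ( ! preg_match( '/^[0-9a-f]{' . ( HYPO_TOKEN_BYTES * 2 ) . '}$/', $token ) ) {
        return;
    }
    $key  = HYPO_AUTOLOGIN_PREFIX . hash( 'sha256', $token );
    $data = get_transient( $key );
    // Single use: delete before acting so a replayed link fails.
    delete_transient( $key );
    if ( ! is_array( $data ) || empty( $data['user_id'] ) ) {
        return;
    }
    $user = get_user_by( 'id', (int) $data['user_id'] );
    if ( ! $user ) {
        return;
    }
    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID, false, is_ssl() );
    wp_safe_redirect( admin_url() );
    exit;
}
add_action( 'init', 'hypo_autologin_listen' );
```

The key design point is that the client never names the transient: the server prefix confines lookups to records this component issued, and hashing the token means a database read of the transient table does not yield usable login links. For detection, requests carrying an 'lmn' parameter whose value is not in the expected token format, or that arrive for accounts with administrator roles from unfamiliar addresses, are the events worth alerting on.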

Remediation

Users are advised to update the Login Me Now plugin to version 1.7.3 or a newer patched version.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 7.2
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.