WebinarIgnition
Moderate fix1 remedy
cpe:2.3:a:saleswonder:webinarignition:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 4.03.32
WebinarIgnition WordPress Plugin Unauthenticated Login Token Generation Vulnerability
Vulnerability
Patched
A vulnerability exists in the WebinarIgnition plugin for WordPress, specifically in versions through 4.03.31. The issue arises from a missing capability check in the 'webinarignition_sign_in_support_staff' and 'webinarignition_register_support' functions. This flaw allows unauthenticated attackers to generate login tokens for any WordPress user, potentially bypassing authentication by using the issued authorization cookies.
Impact
Exploitation of this vulnerability allows for authentication bypass, enabling unauthorized access to user accounts on the WordPress site.
Reproduction
The vulnerability can be reproduced by sending a request to the WordPress site with the 'webinarignition_sign_in_support_staff' or 'webinarignition_register_support' actions. These actions can be triggered without any authentication, which will result in the generation of a login token for a specified user.
Remediation
Users are advised to update the WebinarIgnition plugin to version 4.03.33 or later.
Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM
Vulnerability Rating
Custom Algorithm
spread
1.0impact
5.0exploitability
8.6remediation
7.7relevance
0.3threat
4.8urgency
2.9incentive
5.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.