{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T07:53:46.784","vulnerabilities":[{"cve":{"id":"CVE-2024-11015","sourceIdentifier":"security@wordfence.com","published":"2024-12-12T04:15:04.797","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticate_user' user function not implementing sufficient null value checks when setting the access token and user information. This makes it possible for unauthenticated attackers to log in as the first user who has signed in using Google OAuth, which could be the site administrator."},{"lang":"es","value":" El complemento Sign In With Google para WordPress es vulnerable a la omisión de la autenticación en todas las versiones hasta la 1.8.0 incluida . Esto se debe a que la función de usuario 'authenticate_user' no implementa suficientes comprobaciones de valores nulos al configurar el token de acceso y la información del usuario. Esto hace posible que atacantes no autenticados inicien sesión como el primer usuario que haya iniciado sesión con Google OAuth, que podría ser el administrador del sitio."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/sign-in-with-google/trunk/src/admin/class-sign-in-with-google-admin.php#L525","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/afe894b0-5e91-4aa2-bbd1-1f74274701cf?source=cve","source":"security@wordfence.com"}]}}]}