{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-27T04:03:33.234","vulnerabilities":[{"cve":{"id":"CVE-2024-11028","sourceIdentifier":"security@wordfence.com","published":"2024-11-13T10:15:04.237","lastModified":"2024-11-19T15:38:19.023","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The MultiManager WP – Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the user impersonation feature inappropriately determining the current user via user-supplied input. This makes it possible for unauthenticated attackers to generate an impersonation link that will allow them to log in as any existing user, such as an administrator. NOTE: The user impersonation feature was disabled in version 1.1.0 and re-enabled with a patch in version 1.1.2."},{"lang":"es","value":"El complemento MultiManager WP – Manage All Your WordPress Sites Easily para WordPress es vulnerable a la omisión de autenticación en todas las versiones hasta la 1.0.5 incluida. Esto se debe a que la función de suplantación de usuario determina de manera inapropiada el usuario actual a través de la entrada proporcionada por el usuario. Esto hace posible que los atacantes no autenticados generen un enlace de suplantación que les permitirá iniciar sesión como cualquier usuario existente, como un administrador. NOTA: La función de suplantación de usuario se deshabilitó en la versión 1.1.0 y se volvió a habilitar con un parche en la versión 1.1.2."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:icdsoft:multimanager_wp:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"1.1.0","matchCriteriaId":"BC69E7B4-166A-4804-874E-DC59E5FBA8B7"}]}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3184657/multimanager-wp","source":"security@wordfence.com","tags":["Product"]},{"url":"https://plugins.trac.wordpress.org/changeset/3184678/multimanager-wp","source":"security@wordfence.com","tags":["Product"]},{"url":"https://plugins.trac.wordpress.org/changeset/3184826/multimanager-wp","source":"security@wordfence.com","tags":["Product"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/de8e7adc-3777-4fb1-a708-68da950e3d4f?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]}]}}]}