Is CVE-2021-24647 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Registration Forms – User Profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes

CVE-2021-24647

The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as an…

Vulnerability class: Broken Authentication

EPSS: 0.850 (99.4th percentile) — read the EPSS interpretation.

Affected products

Unknown Registration Forms – User Profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes — versions 3.1.7.6

Weakness classification (CWE)

CWE-287 — Improper Authentication

Public proof-of-concept exploits

References

wpscan.com/vulnerability/40d347b1-b86e-477d-b4c6-da105935ce37 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-24647?: CVE-2021-24647 is a vulnerability in Registration Forms – User Profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes, classified under Improper Authentication. Published 2021-11-08.
Is CVE-2021-24647 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.