CVE-2025-6441 in Webinar Solution Plugin
摘要
由 VulDB • 2026-06-04
The Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress 存在未认证登录令牌生成的漏洞,原因是 `webinarignition_sign_in_support_staff` 和 `webinarignition_register_support` 函数中缺少能力检查(capability check),影响所有 4.03.31 及以下版本。在某些情况下,这使得未认证的攻击者能够为任意 WordPress 用户生成登录令牌,并签发授权 cookie,从而导致身份验证绕过。
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.