CVE-2025-6441 in Webinar Solution Plugin信息

摘要

由 VulDB • 2026-06-04

The Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress 存在未认证登录令牌生成的漏洞,原因是 `webinarignition_sign_in_support_staff` 和 `webinarignition_register_support` 函数中缺少能力检查(capability check),影响所有 4.03.31 及以下版本。在某些情况下,这使得未认证的攻击者能够为任意 WordPress 用户生成登录令牌,并签发授权 cookie,从而导致身份验证绕过。

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

来源

Interested in the pricing of exploits?

See the underground prices here!