CVE-2024-4186
The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the 'eb_user_email_verification_key' default value is empty, and the not empty check is missing in the 'eb_user_email_verify' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This can only be exploited if the 'Email Verification' setting is enabled.
We have discovered 1,146 live websites that are affected by CVE-2024-4186.
Affected Software
| Product |  Edwiser Bridge |
| Category | Wordpress Plugins |
| Vulnerable Domains | 1,146 live websites (100% of Edwiser Bridge install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Details
- Published - May 7, 2024
- Updated - Aug 1, 2024
Credits
- István Márton (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2024-4186 United States | 405 websites |
 Spain | 124 websites |
 GB | 69 websites |
 Germany | 68 websites |
 Brazil | 51 websites |
 Italy | 49 websites |
 France | 43 websites |
 South Africa | 39 websites |
 Chile | 32 websites |
 Australia | 26 websites |
Website Distribution by TLD
Number of websites using CVE-2024-4186| .com | 450 websites |
| .org | 131 websites |
| .es | 58 websites |
| .com.br | 45 websites |
| .net | 33 websites |
| .it | 29 websites |
| .co.uk | 28 websites |
| .de | 27 websites |
| .com.au | 20 websites |
| .eu | 19 websites |
Websites affected by CVE-2024-4186
Top websites that are affected by CVE-2024-4186. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.***.uk | GB | ***,*** | |
| **************************.com | GB | ***,*** | |
| *********************.org | United States | ***,*** | |
| ******.org | United States | ***,*** | |
| ***********.org | United States | ***,*** | |
| ***.org | GB | ***,*** | |
| ***.***.uk | GB | ***,*** | |
| ****.net | GB | ***,*** | |
| **********.net | United States | ***,*** | |
| *****************.org | United States | ***,*** |
FAQ
A total of 1,146 websites have been identified as vulnerable to CVE-2024-4186, based on global website indexing conducted by WebTechSurvey.
The Edwiser Bridge is affected by the CVE-2024-4186 vulnerability.
Edwiser Bridge versions up to and including 3.0.5 are vulnerable to CVE-2024-4186.