CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-50478

CVSS 9.8v3.1pub. 2024-10-28upd. 2026-04-28

Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: 1.4.5.

🤖 AI Analysis
How it works

The vulnerability results from an error in the basic authentication mechanism (CWE-305, CWE-287) — user identity verification can be bypassed without knowledge of a password or token. An attacker remotely, over the network, can circumvent the login process, which classifies the error as Authentication Bypass by Primary Weakness. This affects version 1.4.5 of the plugin.

Impact

An attacker can gain unauthorized access to user accounts or WordPress admin panel, which consequently may lead to complete website takeover, data disclosure, and data modification.

Mitigation & patch

The plugin must be immediately updated to a version higher than 1.4.5. If no update is available, the plugin must be immediately disabled and removed. Detailed information about the patch is available in the Patchstack database and from the plugin vendor.

Who is affected

Swoop 1-Click Login: Passwordless Authentication plugin version 1.4.5 for WordPress.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Swoopnow 1 Click Login\

    APP
    Swoopnow
    _passwordless_authentication
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References