{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-6441", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-20T17:07:55.542Z", "datePublished": "2025-07-24T09:22:16.616Z", "dateUpdated": "2026-04-08T16:52:54.331Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:52:54.331Z"}, "affected": [{"vendor": "tobias_conrad", "product": "WebinarIgnition \u2013 Live, Automated & Evergreen Webinars for WooCommerce", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.03.32", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to unauthenticated login token generation due to a missing capability check on the `webinarignition_sign_in_support_staff` and `webinarignition_register_support` functions in all versions up to, and including, 4.03.32. This makes it possible for unauthenticated attackers to generate login tokens for arbitrary WordPress users under certain circumstances, issuing authorization cookies which can lead to authentication bypass."}], "title": "Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition <= 4.03.32 - Unauthenticated Login Token Generation to Authentication Bypass", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52c19707-df18-4239-af46-12ea5ee86a4b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/webinar-ignition/trunk/inc/class-webinarignition.php#L549"}, {"url": "https://plugins.trac.wordpress.org/browser/webinar-ignition/trunk/inc/class.WebinarignitionManager.php#L53"}, {"url": "https://plugins.trac.wordpress.org/browser/webinar-ignition/trunk/inc/class.WebinarignitionManager.php#L1040"}, {"url": "https://plugins.trac.wordpress.org/browser/webinar-ignition/trunk/inc/class.WebinarignitionAjax.php#L769"}, {"url": "https://plugins.trac.wordpress.org/changeset/3333177/"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3333045%40webinar-ignition&new=3333045%40webinar-ignition&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "timeline": [{"time": "2025-06-12T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-07-23T20:41:54.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-24T13:14:58.216797Z", "id": "CVE-2025-6441", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-24T13:15:02.281Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6441", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-24T13:14:58.216797Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-24T13:14:59.609Z"}}], "cna": {"title": "Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition <= 4.03.31 - Unauthenticated Login Token Generation to Authentication Bypass", "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "tobias_conrad", "product": "Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "4.03.31"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-06-12T00:00:00.000+00:00", "value": "Discovered"}, {"lang": "en", "time": "2025-07-23T20:41:54.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52c19707-df18-4239-af46-12ea5ee86a4b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/webinar-ignition/trunk/inc/class-webinarignition.php#L549"}, {"url": "https://plugins.trac.wordpress.org/browser/webinar-ignition/trunk/inc/class.WebinarignitionManager.php#L53"}, {"url": "https://plugins.trac.wordpress.org/browser/webinar-ignition/trunk/inc/class.WebinarignitionManager.php#L1040"}, {"url": "https://plugins.trac.wordpress.org/browser/webinar-ignition/trunk/inc/class.WebinarignitionAjax.php#L769"}], "descriptions": [{"lang": "en", "value": "The Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to unauthenticated login token generation due to a missing capability check on the `webinarignition_sign_in_support_staff` and `webinarignition_register_support` functions in all versions up to, and including, 4.03.31. This makes it possible for unauthenticated attackers to generate login tokens for arbitrary WordPress users under certain circumstances, issuing authorization cookies which can lead to authentication bypass."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-07-24T09:22:16.616Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6441", "state": "PUBLISHED", "dateUpdated": "2025-07-24T13:15:02.281Z", "dateReserved": "2025-06-20T17:07:55.542Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-24T09:22:16.616Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to unauthenticated login token generation due to a missing capability check on the `webinarignition_sign_in_support_staff` and `webinarignition_register_support` functions in all versions up to, and including, 4.03.32. This makes it possible for unauthenticated attackers to generate login tokens for arbitrary WordPress users under certain circumstances, issuing authorization cookies which can lead to authentication bypass."}, {"lang": "es", "value": "El complemento Webinar Solution: Create live/evergreen/automated/instant webinars, stream &amp; Zoom Meetings | WebinarIgnition para WordPress es vulnerable a la generaci\u00f3n de tokens de inicio de sesi\u00f3n no autenticados debido a una falta de comprobaci\u00f3n de capacidad en las funciones `webinarignition_sign_in_support_staff` y `webinarignition_register_support` en todas las versiones hasta la 4.03.31 incluida. Esto permite que atacantes no autenticados generen tokens de inicio de sesi\u00f3n para usuarios arbitrarios de WordPress en determinadas circunstancias, emitiendo cookies de autorizaci\u00f3n que pueden provocar la omisi\u00f3n de la autenticaci\u00f3n."}], "id": "CVE-2025-6441", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-07-24T10:15:27.663", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/webinar-ignition/trunk/inc/class-webinarignition.php#L549"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/webinar-ignition/trunk/inc/class.WebinarignitionAjax.php#L769"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/webinar-ignition/trunk/inc/class.WebinarignitionManager.php#L1040"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/webinar-ignition/trunk/inc/class.WebinarignitionManager.php#L53"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3333177/"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3333045%40webinar-ignition&new=3333045%40webinar-ignition&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52c19707-df18-4239-af46-12ea5ee86a4b?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T19:37:39.834044+00:00", "value": {"mitigation_remediation": ["Upgrade the WebinarIgnition plugin to the latest version that contains the missing capability checks (any release newer than 4.03.32).", "If an upgrade is not immediately possible, restrict access to the plugin\u2019s AJAX endpoints by applying WAF rules that block unauthenticated requests to the webinarignition_sign_in_support_staff and webinarignition_register_support URLs.", "Audit your WordPress logs for suspicious OAuth or token generation activity and enforce multi\u2011factor authentication for all privileged accounts to reduce the impact of any successful token exploitation."], "summary": {"action": "Immediate Patch", "impact": "Authentication Bypass"}, "threat_synthesis": {"affected_systems": "The issue affects installations of the WebinarIgnition plugin for WooCommerce, developed by Tobias Conrad, with any version up to and including 4.03.32. Any WordPress site running one of these plugin versions is potentially vulnerable.", "description_and_impact": "The WebinarIgnition WordPress plugin allows an unauthenticated attacker to generate login tokens for arbitrary WordPress users because the functions webinarignition_sign_in_support_staff and webinarignition_register_support lack a required capability check. The generated tokens become authentication cookies, enabling an attacker to impersonate any site user and gain the privileges of that user, which can lead to full site compromise. This vulnerability is a classic example of Missing Permissions (CWE\u2011862).", "risk_and_exploitability": "The CVSS score of 9.8 indicates critical severity, but the EPSS score of less than 1\u202f% reflects a very low probability of exploitation in the wild, and the vulnerability is not listed in CISA\u2019s KEV catalog. The attack vector is unauthenticated, relying solely on missing permission checks, so an adversary only needs the ability to send crafted HTTP requests to the vulnerable endpoints to achieve authentication bypass."}}}}, "created": "2026-04-21T19:45:16.075470+00:00", "updated": "2026-04-21T19:45:16.075489+00:00", "vendors": []}