CVE-2024-50478: 
WordPress vulnerability analysis and mitigation

A critical authentication bypass vulnerability (CVE-2024-50478) was discovered in Swoop 1-Click Login: Passwordless Authentication plugin version 1.4.5 for WordPress. The vulnerability was reported on October 25, 2024, and allows unauthorized users to bypass authentication mechanisms (Patchstack).

The vulnerability is classified as an Authentication Bypass by Primary Weakness (CWE-305) and Improper Authentication (CWE-287). It received a Critical CVSS v3.1 score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity with network-based attack vector, low attack complexity, and no required privileges or user interaction (NVD).

The vulnerability can be exploited by malicious actors to perform actions normally restricted to higher privileged users, potentially leading to administrative access to the affected WordPress website. Due to its critical nature, this vulnerability is expected to become mass exploited (Patchstack).

No official fix is currently available for this vulnerability. Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available (Patchstack).