CVE-2024-50488: 
WordPress vulnerability analysis and mitigation

The Token Login WordPress plugin, developed by Priyabrata Sarkar, contains an Authentication Bypass vulnerability (CVE-2024-50488) affecting versions up to 1.0.3. The vulnerability was discovered and reported on October 25, 2024, by security researcher 'stealthcopter' (Patchstack).

The vulnerability is classified as an Authentication Bypass Using an Alternate Path or Channel (CWE-288, CWE-306). It has received a CVSS v3.1 Base Score of 8.8 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and high impact on confidentiality, integrity, and availability (NVD).

The vulnerability allows attackers to perform actions that should only be executable by higher-privileged users, potentially leading to administrative access to the affected WordPress website. The high CVSS score indicates that this vulnerability is considered highly dangerous and is expected to become mass exploited (Patchstack).

Currently, no official fix is available for this vulnerability. Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available. Website administrators are advised to implement immediate mitigation measures or consider using Patchstack's protection (Patchstack).