CVE-2024-54294: 
WordPress vulnerability analysis and mitigation

A critical authentication bypass vulnerability was discovered in the Firebase OTP Authentication WordPress plugin, identified as CVE-2024-54294. The vulnerability affects versions up to 1.0.1 of the plugin and was reported by security researcher stealthcopter on October 2, 2024, with public disclosure occurring on December 11, 2024 (Patchstack).

The vulnerability is classified as an Authentication Bypass Using an Alternate Path or Channel (CWE-288). It received a Critical CVSS v3.1 base score of 9.8 with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, no privileges required, and no user interaction needed for exploitation (Patchstack).

The vulnerability allows malicious actors to perform actions typically restricted to higher privileged users, potentially leading to complete admin access to affected WordPress websites. The high CVSS score of 9.8 indicates that this vulnerability is considered highly dangerous and is expected to become mass exploited (Patchstack).

Currently, no official fix is available for this vulnerability. However, Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available. Website administrators are advised to implement mitigation measures immediately (Patchstack).