CVE-2024-11028
MultiManager WP – Manage All Your WordPress Sites Easily <= 1.0.5 - Authentication Bypass via User Impersonation
| CVSS Score | 9.8 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
The MultiManager WP – Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the user impersonation feature inappropriately determining the current user via user-supplied input. This makes it possible for unauthenticated attackers to generate an impersonation link that will allow them to log in as any existing user, such as an administrator. NOTE: The user impersonation feature was disabled in version 1.1.0 and re-enabled with a patch in version 1.1.2.
| CWE | CWE-288 |
| Vendor | icdsoft |
| Product | multimanager wp – manage all your wordpress sites easily |
| Published | Nov 13, 2024 |
| Last Updated | Apr 8, 2026 |
CVSS v3 Breakdown
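CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
| Attack Vector | Network (AV:N) |
| Attack Complexity | Low (AC:L) |
| Privileges Required | None (PR:N) |
| User Interaction | None (UI:N) |
| Scope | Unchanged (S:U) |
| Confidentiality | High (C:H) |
| Integrity | High (I:H) |
| Availability | High (A:H) |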
Affected Versions
icdsoft / MultiManager WP – Manage All Your WordPress Sites Easily
0 ≤ 1.0.5
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/de8e7adc-3777-4fb1-a708-68da950e3d4f?source=cve
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3184657/multimanager-wp
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3184678/multimanager-wp
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3184826/multimanager-wp
Credits
Khayal Farzaliyev