CVE-2025-6441

CRITICAL 9.8

Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition <= 4.03.32 - Unauthenticated Login Token Generation to Authentication Bypass

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

The Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to unauthenticated login token generation due to a missing capability check on the `webinarignition_sign_in_support_staff` and `webinarignition_register_support` functions in all versions up to, and including, 4.03.32. This makes it possible for unauthenticated attackers to generate login tokens for arbitrary WordPress users under certain circumstances, issuing authorization cookies which can lead to authentication bypass.

CWE	CWE-862
Vendor	tobias_conrad
Product	webinarignition – live, automated & evergreen webinars for woocommerce
Published	Jul 24, 2025
Last Updated	Apr 8, 2026

Stay Ahead of the Next One

Get instant alerts for tobias_conrad webinarignition – live, automated & evergreen webinars for woocommerce

Be the first to know when new critical vulnerabilities affecting tobias_conrad webinarignition – live, automated & evergreen webinars for woocommerce are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

tobias_conrad / WebinarIgnition – Live, Automated & Evergreen Webinars for WooCommerce

0 ≤ 4.03.32

References

NVD ↗ CVE.org ↗ EPSS Data ↗

Credits

Kenneth Dunn