Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: 1.4.5.
The vulnerability results from an error in the basic authentication mechanism (CWE-305, CWE-287) — user identity verification can be bypassed without knowledge of a password or token. An attacker remotely, over the network, can circumvent the login process, which classifies the error as Authentication Bypass by Primary Weakness. This affects version 1.4.5 of the plugin.
An attacker can gain unauthorized access to user accounts or WordPress admin panel, which consequently may lead to complete website takeover, data disclosure, and data modification.
The plugin must be immediately updated to a version higher than 1.4.5. If no update is available, the plugin must be immediately disabled and removed. Detailed information about the patch is available in the Patchstack database and from the plugin vendor.
Swoop 1-Click Login: Passwordless Authentication plugin version 1.4.5 for WordPress.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSwoopnow 1 Click Login\
APPSwoopnow_passwordless_authentication