A vulnerability, which was classified as critical, was found in RedefiningTheWeb WordPress & WooCommerce Affiliate Program Plugin up to 8.4.1 on WordPress. This affects the function
rtwwwap_login_request_callback
. The manipulation leads to authentication bypass using alternate channel.
This vulnerability is uniquely identified as CVE-2024-9289. It is possible to initiate the attack remotely. There is no exploit available.