PT-2023-3468 · WordPress · Wordpress Social Login/Register
István Márton
+1
·
Publicado
2023-05-27
·
Atualizado
2023-12-08
·
CVE-2023-2982
CVSS v2.0
10
Crítica
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
WordPress Social Login and Register plugin versions up to and including 7.6.4
Description
The issue is related to an authentication bypass in the WordPress Social Login and Register plugin. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. It makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user.
Recommendations
For versions up to and including 7.6.4, update to version 7.6.5 to fully patch the issue.
As a temporary workaround, consider restricting access to the login functionality until the update is applied.
Exploit
Correção
Authentication Bypass Using an Alternate Path or Channel
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Wordpress Social Login/Register