PT-2024-16703 · WordPress · Sign In With Google

Khayal Farzaliyev (+1)

Published 2024-12-12 · Updated 2024-12-12 · CVE-2024-11015

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Sign In With Google plugin for WordPress, versions up to and including 1.8.0

Description
The issue is due to the authenticate user function not performing sufficient null value checks when setting the access token and user information. This allows unauthenticated attackers to log in as the first user who has signed in using Google OAuth, potentially the site administrator.

Recommendations
For versions up to and including 1.8.0, update to a version that fixes the authentication bypass issue. As a temporary workaround, consider disabling the authenticate user function until a patch is available. Restrict access to the Google OAuth sign-in feature to minimize the risk of exploitation.
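As an added illustration of the fix the advisory calls for, not the plugin's own code: a hypothetical WordPress OAuth callback written to fail closed, validating the token response and the user info before any user lookup happens. The EXAMPLE_* constants, the function names and the meta key are assumed placeholders; the note on get_users() describes WordPress's WP_Meta_Query handling of an empty meta_value.

```php
<?php
// Hypothetical WordPress Google-OAuth callback helpers, written to fail closed.
// Not the plugin's code; EXAMPLE_* constants and the meta key are placeholders.

// Exchange the code for a token and fetch the Google profile. Returns null on ANY
// failure, never a partially filled array with a null token or null user info.
function example_fetch_google_profile( string $code ): ?array {
    $resp = wp_remote_post( 'https://oauth2.googleapis.com/token', array( 'body' => array(
        'code'          => $code,
        'client_id'     => EXAMPLE_GOOGLE_CLIENT_ID,
        'client_secret' => EXAMPLE_GOOGLE_CLIENT_SECRET,
        'redirect_uri'  => EXAMPLE_REDIRECT_URI,
        'grant_type'    => 'authorization_code',
    ) ) );
    if ( is_wp_error( $resp ) || 200 !== wp_remote_retrieve_response_code( $resp ) ) {
        return null;
    }
    $token = json_decode( wp_remote_retrieve_body( $resp ), true );
    // An error body or malformed JSON yields no access_token; stop here.
    if ( empty( $token['access_token'] ) || ! is_string( $token['access_token'] ) ) {
        return null;
    }
    $resp = wp_remote_get( 'https://openidconnect.googleapis.com/v1/userinfo', array(
        'headers' => array( 'Authorization' => 'Bearer ' . $token['access_token'] ),
    ) );
    if ( is_wp_error( $resp ) || 200 !== wp_remote_retrieve_response_code( $resp ) ) {
        return null;
    }
    $profile = json_decode( wp_remote_retrieve_body( $resp ), true );
    // 'sub' is Google's stable account id; require it explicitly.
    return ( ! empty( $profile['sub'] ) && is_string( $profile['sub'] ) ) ? $profile : null;
}

// Map a Google 'sub' to exactly one WordPress user. get_users() drops the value
// clause when meta_value is null or '', matching every user that merely has the
// meta key and returning the first one, which is the outcome this advisory
// describes. The explicit guard below keeps a null sub from ever reaching it.
function example_user_for_google_sub( ?string $sub ): ?WP_User {
    if ( null === $sub || '' === $sub ) {
        return null;
    }
    $users = get_users( array(
        'meta_key'   => 'example_google_sub',
        'meta_value' => $sub,
        'number'     => 2, // a second match means a linking bug; treat as failure
    ) );
    return ( 1 === count( $users ) ) ? $users[0] : null;
}
```

The callback should call wp_set_auth_cookie() only when example_user_for_google_sub() returns a user; the OAuth state parameter check is omitted here for brevity.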

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2024-11015

Affected Products

Sign In With Google