PT-2024-31629 · WordPress+1 · The Pie Register - Social Sites Login+1
István Márton
·
Published
2024-05-24
·
Updated
2024-06-10
·
CVE-2024-4544
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
The Pie Register - Social Sites Login (Add on) plugin for WordPress versions up to, and including, 1.7.7
PHP versions 8.3 up to 8.3.8
PHP versions 8.2 up to 8.2.20
PHP versions 8.1 up to 8.1.29
Description:
The issue is due to insufficient verification on the user being supplied during a social login through the plugin, making it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
Recommendations:
For The Pie Register - Social Sites Login (Add on) plugin for WordPress versions up to, and including, 1.7.7: Update the plugin to a version later than 1.7.7.
For PHP versions 8.3 up to 8.3.8: Upgrade to PHP version 8.3.8 or later.
For PHP versions 8.2 up to 8.2.20: Upgrade to PHP version 8.2.20 or later.
For PHP versions 8.1 up to 8.1.29: Upgrade to PHP version 8.1.29 or later.
Fix
Authentication Bypass Using an Alternate Path or Channel
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Php
The Pie Register - Social Sites Login