PT-2024-31677 · WordPress · Social Login Lite For Woocommerce
István Márton
·
Published
2024-06-03
·
Updated
2024-06-07
·
CVE-2024-4552
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Social Login Lite For WooCommerce plugin for WordPress versions up to, and including, 1.6.0
Description:
The issue is due to insufficient verification on the user being supplied during the social login through the plugin, making it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. This allows attackers to bypass authentication and gain unauthorized access.
Recommendations:
For Social Login Lite For WooCommerce plugin for WordPress versions up to, and including, 1.6.0: Update the plugin to a version higher than 1.6.0 to resolve the authentication bypass issue. As a temporary workaround, consider restricting access to the social login feature until a patch is available.
Fix
Authentication Bypass Using an Alternate Path or Channel
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Social Login Lite For Woocommerce