CVE-2023-2982 Scanner
Detects 'Authentication Bypass' vulnerability in WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) affects v. through 7.6.4.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month
Scan only one
Domain, IPv4, Subdomain
Toolbox
-
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) is a software plugin used by developers to add social media login and registration functionality to their WordPress websites. The plugin allows website users to easily sign in to the site using their existing social media accounts, rather than creating a new account. With over 1 million active installations, this plugin has become a popular solution for website owners seeking to streamline their user registration process and offer more convenience to their users.
One of the vulnerabilities detected in this plugin is CVE-2023-2982. This vulnerability is due to insufficient encryption on the user being supplied during a login validated through the plugin. As a result, unauthenticated attackers can easily log in as any existing user on the site if they know the email address associated with that user. This type of vulnerability can lead to major security and privacy breaches, exposing sensitive user data and putting users at risk.
Exploitation of this vulnerability can result in disastrous consequences for website owners. Unauthenticated attackers can hack into the website and access sensitive information such as usernames, passwords, and personal data, including email addresses. They can also alter the site's content or shut down the entire website altogether, causing significant financial loss to business owners.
Thanks to the pro features of s4e.io, readers of this article can easily and quickly learn about vulnerabilities in their digital assets. With its advanced scanning and reporting tools, s4e.io can help website owners stay on top of their website's security and protect against vulnerabilities like CVE-2023-2982. By keeping their website secure, website owners can ensure the safety and privacy of their users while maintaining the integrity of their business.
REFERENCES
- https://lana.codes/lanavdb/2326f41f-a39f-4fde-8627-9d29fff91443/
- https://plugins.trac.wordpress.org/browser/miniorange-login-openid/trunk/mo-openid-social-login-functions.php#L107
- https://plugins.trac.wordpress.org/changeset/2924863/miniorange-login-openid
- https://plugins.trac.wordpress.org/changeset/2925914/miniorange-login-openid
- https://www.wordfence.com/threat-intel/vulnerabilities/id/08ca186a-2486-4a58-9c53-03e9eba13e66?source=cve
