CVE-2021-24647 Scanner
Detects the 'Unauthenticated Arbitrary Login' vulnerability in the Pie Register plugin for WordPress, which affects versions before 3.7.1.6.
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Time Interval: 720 sec
Scan only one: Domain, IPv4
Toolbox: -
Vulnerability Overview
Pie Register, a plugin for creating custom registration forms on WordPress, has a critical security flaw in its social login process. This flaw permits attackers to bypass authentication mechanisms, potentially logging in as any user by merely knowing their user ID or username.
Vulnerability Details
The issue lies within the social login functionality of Pie Register versions prior to 3.7.1.6. Specifically, an attacker can send a crafted POST request to the login URL with manipulated parameters (social_site=true and a user-defined user_id_social_site) to achieve unauthorized access to any user account.
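For an asset owner, the two facts above translate into two checks: is the installed version older than 3.7.1.6, and do logged login requests carry the parameter pair. The following is an added example, not code from this page, the scanner or the plugin; the function names are hypothetical and it assumes request records are (method, form body) pairs taken from a WAF or audit log that captures POST bodies. A match is a lead for review, not proof of compromise.

```python
import re
from urllib.parse import parse_qs

FIXED_VERSION = (3, 7, 1, 6)  # first fixed release, as stated in the text above


def parse_version(text):
    """Turn '3.7.1.5' into (3, 7, 1, 5); missing trailing parts count as 0."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    if not parts:
        raise ValueError("no version number in %r" % text)
    return tuple(parts + [0] * (4 - len(parts)))[:4]


def is_affected(version_text):
    """True when the installed plugin version predates the fixed release."""
    return parse_version(version_text) < FIXED_VERSION


def is_suspicious_login(method, body):
    """Flag a POST whose form body carries both parameters named above."""
    if method.upper() != "POST":
        return False
    params = parse_qs(body, keep_blank_values=True)
    social = [v.lower() for v in params.get("social_site", [])]
    return "true" in social and "user_id_social_site" in params


def scan(requests):
    """Return the indexes of the records that should be reviewed."""
    return [i for i, (m, b) in enumerate(requests) if is_suspicious_login(m, b)]


# Constructed sample records (assumption: the log exposes method and form body).
SAMPLE_REQUESTS = [
    ("POST", "log=alice&pwd=x"),
    ("POST", "social_site=true&user_id_social_site=1"),
    ("GET", ""),
    ("POST", "social_site=TRUE&user_id_social_site=42&extra=1"),
]

if __name__ == "__main__":
    print("3.7.1.5 affected:", is_affected("3.7.1.5"))
    print("records to review:", scan(SAMPLE_REQUESTS))
```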
Possible Effects
Successful exploitation allows an attacker to:
- Access private user information.
- Perform actions with the privileges of the compromised user, including administrative tasks.
- Potentially escalate privileges or exploit further vulnerabilities within the site.
Why Choose S4E
S4E offers a comprehensive platform to detect vulnerabilities like CVE-2021-24647, providing users with:
- Automated scanning tools designed for precision and efficiency.
- Expert guidance on vulnerability remediation to secure your digital assets.
- Access to a wide range of security resources and updates on the latest cyber threats.
Joining S4E empowers you with the knowledge and tools needed to defend against sophisticated cyber attacks, ensuring the safety and integrity of your online presence.