The Hacker News - Critical Security Flaw in Social Login Plugin for WordPress Exposes Users' Accounts
A critical security flaw has been disclosed in miniOrange's Social Login and Register plugin for WordPress that could enable a malicious actor to log in as any user-provided information about email address is already known. Tracked as CVE-2023-2982 (CVSS score: 9.8), the authentication bypass flaw impacts all versions of the plugin, including and prior to 7.6.4. It was addressed on June 14, 2023
from The Hacker News https://thehackernews.com/2023/06/critical-security-flaw-in-social-login.html
from The Hacker News https://thehackernews.com/2023/06/critical-security-flaw-in-social-login.html
Comments
Post a Comment