Critical Security Flaw in Social Login Plugin for WordPress Exposes Users’ Accounts

A critical security flaw has been disclosed in miniOrange’sĀ Social Login and Register pluginĀ for WordPress that could enable a malicious actor to log in as any user-provided information about email address is already known.
Tracked as CVE-2023-2982 (CVSS score: 9.8), the authentication bypass flaw impacts all versions of the plugin, including and prior to 7.6.4. It was addressed on June 14, 2023

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to our Newsletter