Missing Authorization Vulnerability in miniOrange WordPress Social Login and Register Allows Exploiting Incorrectly Configured Access Control Security Levels
CVE-2023-24375

3.5LOW

Key Information:

Vendor: WordPress
Status: WordPress Social Login And Register (discord, Google, Twitter, Linkedin)
Vendor: CVE Published:; 9 December 2024

What is CVE-2023-24375?

A vulnerability exists in the miniOrange WordPress Social Login and Register plugin, affecting multiple social integrations including Discord, Google, Twitter, and LinkedIn. This flaw results from incorrect configurations of access control security levels, allowing unauthorized access and manipulation of sensitive data. Users of versions up to 7.5.14 may be at risk, emphasizing the need for immediate attention to security settings and potential updates to safeguard against unauthorized exploitation.

Affected Version(s)

WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.5.14

References

https://patchstack.com/database/wordpress/plugin/minioran...

vdb-entry

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2024
Vulnerability Reserved
Jan 23, 2023

Credit

István Márton (Patchstack Alliance)

CVE-2023-24375 Data

JSON