Missing Authorization Vulnerability in miniOrange WordPress Social Login and Register Allows Exploiting Incorrectly Configured Access Control Security Levels

CVE-2023-24375

What is CVE-2023-24375?

A vulnerability exists in the miniOrange WordPress Social Login and Register plugin, affecting multiple social integrations including Discord, Google, Twitter, and LinkedIn. This flaw results from incorrect configurations of access control security levels, allowing unauthorized access and manipulation of sensitive data. Users of versions up to 7.5.14 may be at risk, emphasizing the need for immediate attention to security settings and potential updates to safeguard against unauthorized exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References