Authorization Vulnerability Affects WordPress Social Login and Register
CVE-2023-25455
5.3MEDIUM
Key Information:
- Vendor
- Wordpress
- Vendor
- CVE Published:
- 9 December 2024
Summary
A missing authorization vulnerability in the miniOrange WordPress Social Login and Register plugin exposes sites to potential misuse of incorrectly configured access control mechanisms. This vulnerability can enable unauthorized users to gain access to sensitive functionalities, particularly affecting integrations with popular platforms such as Discord, Google, Twitter, and LinkedIn. Websites using versions from n/a up to 7.6.0 are susceptible to these issues, which underscore the necessity for rigorous access control configurations in web applications.
Affected Version(s)
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.0
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Rafshanzani Suhada (Patchstack Alliance)