Authentication Bypass Vulnerability in Social Login WordPress Plugin
CVE-2024-10020

8.1 HIGH

Key Information:

Vendor: WordPress
CVE Published: 6 November 2024

What is CVE-2024-10020?

The Heateor Social Login plugin for WordPress is susceptible to an authentication bypass in all versions up to and including 1.1.35. The root cause is inadequate verification of the user linked to the social login token. Consequently, this flaw allows unauthenticated attackers to gain access to the accounts of existing users, provided they know the corresponding email address. Moreover, if the user lacks a pre-existing account associated with the service that returns the token, this further facilitates unauthorized access. Although attackers typically cannot authenticate as administrators, accounts with explicitly enabled social login authentication for administrators remain vulnerable, highlighting a significant security concern that requires immediate attention.
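The account-resolution decision that this class of flaw gets wrong, shown as an added example: it is not the plugin's code or its patch, and it implements one conservative policy (never sign in to an existing account on an e-mail match alone). The function name, array shapes, provider names and sample users are all hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not Heateor Social Login code; every name here is hypothetical.
// $profile: claims from a provider response the server validated itself.
// $links:   "provider|subject" => local user id, written only by a logged-in user.
// $users:   local accounts keyed by id.
function resolve_social_login(array $profile, array $links, array $users, bool $allowAdmins = false): array
{
    $key = $profile['provider'] . '|' . $profile['subject'];

    // An existing link binds this provider identity to exactly one local account.
    if (isset($links[$key], $users[$links[$key]])) {
        $user = $users[$links[$key]];
        if ($user['role'] === 'administrator' && !$allowAdmins) {
            return ['action' => 'deny', 'reason' => 'social login disabled for administrators'];
        }
        return ['action' => 'login', 'user_id' => $links[$key]];
    }

    // No link yet: an e-mail match alone must never sign anyone in to an existing account.
    $email = strtolower(trim((string) ($profile['email'] ?? '')));
    foreach ($users as $user) {
        if ($email !== '' && strtolower($user['email']) === $email) {
            return ['action' => 'deny', 'reason' => 'existing account: sign in locally and link the provider first'];
        }
    }

    // Unknown e-mail: register only if the provider asserts that the e-mail is verified.
    if ($email === '' || empty($profile['email_verified'])) {
        return ['action' => 'deny', 'reason' => 'provider did not assert a verified e-mail'];
    }
    return ['action' => 'register', 'role' => 'subscriber', 'email' => $email];
}

// Constructed sample data.
$users = [
    1 => ['email' => 'admin@example.test', 'role' => 'administrator'],
    2 => ['email' => 'alice@example.test', 'role' => 'subscriber'],
];
$links = ['exampleidp|sub-111' => 1, 'exampleidp|sub-222' => 2];
$cases = [
    'linked subscriber'     => ['provider' => 'exampleidp', 'subject' => 'sub-222', 'email' => 'alice@example.test', 'email_verified' => true],
    'linked administrator'  => ['provider' => 'exampleidp', 'subject' => 'sub-111', 'email' => 'admin@example.test', 'email_verified' => true],
    'e-mail match, no link' => ['provider' => 'otheridp', 'subject' => 'x-9', 'email' => 'Alice@example.test', 'email_verified' => true],
    'new verified user'     => ['provider' => 'otheridp', 'subject' => 'x-10', 'email' => 'bob@example.test', 'email_verified' => true],
];
foreach ($cases as $name => $profile) {
    echo $name, ' => ', json_encode(resolve_social_login($profile, $links, $users)), PHP_EOL;
}
```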

Affected Version(s)

Heateor Social Login WordPress * <= 1.1.35

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

wesley