Critical Security Flaw in Social Login Plugin for WordPress Exposes Users' Accounts <!-- wp:html --><p>A critical security flaw has been disclosed in miniOrange's Social Login and Register plugin for WordPress that could enable a malicious actor to log in as any user-provided information about email address is already known.<br /> Tracked as CVE-2023-2982 (CVSS score: 9.8), the authentication bypass flaw impacts all versions of the plugin, including and prior to 7.6.4. It was addressed on June 14, 2023 <a href="http://thehackernews.com/2023/06/critical-security-flaw-in-social-login.html" target="_blank" class="feedzy-rss-link-icon" rel="noopener">Read More</a> </p> <p>The Hacker News | #1 Trusted Cybersecurity News Site </p><!-- /wp:html -->
A critical security flaw has been disclosed in miniOrange’s Social Login and Register plugin for WordPress that could enable a malicious actor to log in as any user-provided information about email address is already known.
Tracked as CVE-2023-2982 (CVSS score: 9.8), the authentication bypass flaw impacts all versions of the plugin, including and prior to 7.6.4. It was addressed on June 14, 2023 Read More
The Hacker News | #1 Trusted Cybersecurity News Site
