image credit: Unsplash

Critical Security Flaw in Social Login Plugin for WordPress Exposes Users’ Accounts

June 29, 2023

A critical security flaw has been disclosed in miniOrange’s Social Login and Register plugin for WordPress that could enable a malicious actor to log in as any user-provided information about email address is already known.

Tracked as CVE-2023-2982 (CVSS score: 9.8), the authentication bypass flaw impacts all versions of the plugin, including and prior to 7.6.4. It was addressed on June 14, 2023, with the release of version 7.6.5 following responsible disclosure on June 2, 2023.

Read More on The Hacker News