A critical security flaw has been disclosed in the Social Login and Register plugin for WordPress.
It enables malicious actors to log in without the need of an administrator’s permission.
The bug, marked as CVE-2023-2982, affects all versions of the plugin, including those that came before 7.6.0.4.1.
LearnDash LMS plugin, a WordPress plugin with over 100,000 active installations, also has a flaw that allows an attacker to reset arbitrary passwords using an existing account.
Should the account belong to the WordPress site administrator, it could result in a complete compromise.
The advisory follows the discovery of a high-severity flaw affecting Learn Dash LMS plugins.
Another important security flaw affecting miniOrange’s social login and register plugin was disclosed.
It lets an attacker gain access to a user’s private information, such as their email address, even if they do not have administrator access.
The vulnerability has been patched in version 4.6 .6.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply