Really Simple Security logo

Log out
Get PRO

Latest

Authentication vulnerability in WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) 7.6.4

  • Severity: critical
  • Status: Fixed
  • Publication: June 28, 2023

The WordPress Social Login and Register plugin for WordPress is vulnerable to a security issue which affects versions up to and including 7.6.4. This security issue makes it possible for unauthenticated attackers to log in as any user on the site if they know the email address associated with that user. This could allow them to gain access to accounts of high-level users, such as an administrator. The security issue was partially fixed in 7.6.4 and fully fixed in 7.6.5.

Detected in:

miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) fixed vulnerable versions:
miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon fixed vulnerable versions:
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) fixed vulnerable versions: >= * <= 7.6.4

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.