Critical Security Flaw in Social Login Plugin for WordPress Exposes Users’ Accounts

Web Security News

Jun 29, 2023Ravie LakshmananWebsite Security / Vulnerability A critical security flaw has been disclosed in miniOrange’s Social Login and Register plugin for WordPress that could enable a malicious actor to log in as any user-provided information about email address is already known. Tracked as CVE-2023-2982 (CVSS score: 9.8), the authentication bypass flaw impacts all versions…