Critical MiniOrange Social Login and Register Plugin Vulnerability

June 29, 2023

A critical security flaw has been discovered in the WordPress “MiniOrange Social Login and Register” plugin.

Successful exploitation may allow unauthenticated threat actor to gain access to any account on a site including accounts used to administer the site, if the attacker knows, or can find, the associated email address.

The Vulnerability

  • CVE-2023-2982 (CVSS 3.1: 9.8, Critical) – Authentication bypass vulnerability caused by insufficient encryption on the user being supplied during a login validated through the plugin.

Affected Versions

  • WordPress “MiniOrange Social Login and Register” plugin – versions prior and include 7.6.4.

Mitigation

CYREBRO recommends updating to the latest plugin version Р7.6.5 as soon as possible.

References: WordDfence Advisory

Sign Up for Updates