miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon
cpe:2.3:a:miniorange:wordpress_social_login_and_register_(discord,_google,_twitter,_linkedin):*:*:*:*:wordpress:*:*
- <= 200.3.9
An authentication bypass vulnerability has been identified in the miniOrange Social Login and Register Pro Addon for WordPress, in all versions through 200.3.9. The issue arises from inadequate verification of the user associated with a social login token, which enables unauthenticated attackers to log in as any existing user, including administrators. Exploitation is possible if the attacker knows the username and the user does not have an existing account with the service providing the token.
Exploitation of this vulnerability allows for unauthorized login as any existing user, potentially including users with administrative privileges.
Users are advised to update the miniOrange Social Login and Register Pro Addon to version 200.3.10 or a newer patched version.
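The class of flaw described above, as an added example that is not the plugin's code (the advisory does not show it): a small model in which a verified provider token is mapped to a local account. The weak resolver, the data model, and all names and sample users are assumptions constructed for illustration; the hardened path accepts only a previously recorded (provider, subject) link and refuses to log in or auto-link when the name claim collides with an unlinked local account.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ProviderIdentity:
    provider: str   # which social login service issued the token
    subject: str    # provider's immutable account id
    username: str   # self-chosen name claim, not proof of local ownership

@dataclass
class LocalUser:
    login: str
    role: str
    links: set = field(default_factory=set)  # (provider, subject) pairs

def constructed_users():
    # Constructed sample data: one admin with no social link, one linked editor.
    return {
        "siteadmin": LocalUser("siteadmin", "administrator"),
        "editor1": LocalUser("editor1", "editor", {("google", "g-1001")}),
    }

def resolve_by_username(identity, users):
    # Weak pattern (assumed): the name claim alone selects the local account.
    return users.get(identity.username)

def resolve_by_binding(identity, users):
    # Hardened: only a link recorded earlier for this exact provider account.
    key = (identity.provider, identity.subject)
    hits = [u for u in users.values() if key in u.links]
    return hits[0] if len(hits) == 1 else None

def social_login(identity, users):
    """Return (user, outcome) for an already signature-verified identity."""
    user = resolve_by_binding(identity, users)
    if user is not None:
        return user, "logged_in"
    if identity.username in users:
        # Name collides with an unlinked local account: never log in or
        # auto-link; linking must start from an authenticated local session.
        return None, "link_required"
    new_user = LocalUser(identity.username, "subscriber",
                         {(identity.provider, identity.subject)})
    users[new_user.login] = new_user
    return new_user, "registered"
```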