WordPress plugin vulnerability puts user accounts at risk

More than 30,000 WordPress sites using miniOrange’s Social Login and Register plugin could have their user accounts exposed through exploitation of a critical authentication bypass vulnerability, tracked as CVE-2023-2982, according to The Hacker News. The flaw, which stems from a hardcoded encryption key used to secure data from social media-based logins, “makes it possible for an unauthenticated attacker to gain access to any account on a site including accounts used to administer the site, if the attacker knows, or can find, the associated email address,”

Source: SC Magazine

 

