Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-2704
HistoryMay 19, 2023 - 3:15 a.m.

Authentication flaw

2023-05-1903:15:00
PRIOn knowledge base
www.prio-n.com
3
wordpress
plugin
authentication
flaw
unauthenticated
attackers
login
administrator
nvd
facebook

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.6%

JSON

The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.

CPENameOperatorVersion
bp_social_connectle1.5

Related

cve 1
wpvulndb 1
cvelist 1
nvd 1
wordfence 2
cve
cve
CVE-2023-2704
2023-05-19 03:15:08
wpvulndb
wpvulndb
BP Social Connect < 1.6.2 - Authentication Bypass
2023-05-18 00:00:00
cvelist
cvelist
CVE-2023-2704
2023-05-19 02:03:19
nvd
nvd
CVE-2023-2704
2023-05-19 03:15:08
wordfence
wordfence
2023’s Critical WordPress Vulnerabilities and How They Work
2024-02-12 19:11:21
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 15, 2023 to May 21, 2023)
2023-05-25 13:11:33

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.6%

JSON
Related for PRION:CVE-2023-2704
cve1wpvulndb1cvelist1nvd1wordfence2