Lucene search
K

4 matches found

OSV
OSV
added 2023/05/19 3:15 a.m.7 views

CVE-2023-2704

The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in a...

9.8CVSS7.3AI score0.01623EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/05/19 2:3 a.m.18 views

CVE-2023-2704 BP Social Connect <= 1.5 - Authentication Bypass

The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in a...

9.8CVSS9.8AI score0.01623EPSS
Exploits1References5
CVE
CVE
added 2023/05/19 2:3 a.m.67 views

CVE-2023-2704

CVE-2023-2704 affects BP Social Connect for WordPress (versions up to and including 1.5) with an authentication bypass due to insufficient verification during Facebook login, enabling unauthenticated login as existing users (e.g., admin) if the attacker has the email. Wordfence notes the vulnerab...

9.8CVSS9.5AI score0.01623EPSS
Exploits1References5Affected Software1
Patchstack
Patchstack
added 2023/05/18 12:0 a.m.12 views

WordPress BP Social Connect Plugin <= 1.5 is vulnerable to Broken Access Control

Software BP Social Connect Type Plugin Vulnerable versions = 1.5 Fixed in 1.6.2 OWASP Top 10 A2: Broken Authentication Classification Broken Access Control CVE CVE-2023-2704 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 7c30551eab88 Credits Lana Codes Required privileg...

9.8CVSS6.5AI score0.01623EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder