4 matches found
CVE-2023-2704
The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in a...
CVE-2023-2704 BP Social Connect <= 1.5 - Authentication Bypass
The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in a...
CVE-2023-2704
CVE-2023-2704 affects BP Social Connect for WordPress (versions up to and including 1.5) with an authentication bypass due to insufficient verification during Facebook login, enabling unauthenticated login as existing users (e.g., admin) if the attacker has the email. Wordfence notes the vulnerab...
WordPress BP Social Connect Plugin <= 1.5 is vulnerable to Broken Access Control
Software BP Social Connect Type Plugin Vulnerable versions = 1.5 Fixed in 1.6.2 OWASP Top 10 A2: Broken Authentication Classification Broken Access Control CVE CVE-2023-2704 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 7c30551eab88 Credits Lana Codes Required privileg...