Lucene search
+L

5 matches found

OSV
OSV
added 2024/11/06 7:15 a.m.2 views

CVE-2024-10020

The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log i...

8.1CVSS5.8AI score0.00504EPSS
Exploits0References2
Circl
Circl
added 2024/11/06 6:48 a.m.7 views

CVE-2024-10020

creationtimestamp| type| source ---|---|--- 2024-11-06 06:48:17+00:00| seen| https://infosec.exchange/users/cve/statuses/113434669656961794 2024-11-06 06:51:29+00:00| seen| https://infosec.exchange/users/cve/statuses/113434682244741631 2024-11-06 09:08:42+00:00| seen| https://t.me/cvedetector/999...

8.1CVSS8.7AI score0.00504EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/06 6:43 a.m.10 views

CVE-2024-10020 Heateor Social Login WordPress <= 1.1.35 - Authentication Bypass via Disqus OAuth provider

The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log i...

8.1CVSS8.2AI score0.00504EPSS
Exploits0References2
CVE
CVE
added 2024/11/06 6:43 a.m.57 views

CVE-2024-10020

CVE-2024-10020 — Heateor Social Login WordPress plugin suffers an authentication bypass in all versions up to 1.1.35 due to insufficient verification of the user returned by the social login token. This allows unauthenticated attackers to log in as an existing user on the site (provided they have...

8.1CVSS8.2AI score0.00504EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/05 12:0 a.m.21 views

WordPress Heateor Social Login Plugin <= 1.1.35 is vulnerable to Broken Authentication

Software Heateor Social Login Type Plugin Vulnerable versions = 1.1.35 Fixed in 1.1.36 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10020 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 0cb2e3c4d2f1 Credits...

8.1CVSS6.8AI score0.00504EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder