5 matches found
CVE-2024-10020
The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log i...
CVE-2024-10020
creationtimestamp| type| source ---|---|--- 2024-11-06 06:48:17+00:00| seen| https://infosec.exchange/users/cve/statuses/113434669656961794 2024-11-06 06:51:29+00:00| seen| https://infosec.exchange/users/cve/statuses/113434682244741631 2024-11-06 09:08:42+00:00| seen| https://t.me/cvedetector/999...
CVE-2024-10020 Heateor Social Login WordPress <= 1.1.35 - Authentication Bypass via Disqus OAuth provider
The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log i...
CVE-2024-10020
CVE-2024-10020 — Heateor Social Login WordPress plugin suffers an authentication bypass in all versions up to 1.1.35 due to insufficient verification of the user returned by the social login token. This allows unauthenticated attackers to log in as an existing user on the site (provided they have...
WordPress Heateor Social Login Plugin <= 1.1.35 is vulnerable to Broken Authentication
Software Heateor Social Login Type Plugin Vulnerable versions = 1.1.35 Fixed in 1.1.36 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10020 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 0cb2e3c4d2f1 Credits...