Description
WordPress Plugin WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently log in as any existing user on the site, including administrator, if they know the email address. WordPress Plugin WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) version 7.6.4 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 7.6.5 or latest
References
Related Vulnerabilities
WordPress Plugin WOOCS-Currency Switcher for WooCommerce Professional Local File Inclusion (1.3.6.2)
Magento Insufficient Verification of Data Authenticity Vulnerability (CVE-2019-8112)
WordPress Plugin zM Ajax Login & Register Multiple Vulnerabilities (1.0.9)
WordPress Plugin Simple File List Multiple Vulnerabilities (3.2.4)