Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.0.
History

Mon, 09 Dec 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Miniorange
Miniorange wordpress Social Login And Register \(discord\, Google\, Twitter\, Linkedin\)
CPEs cpe:2.3:a:miniorange:wordpress_social_login_and_register_\(discord\,_google\,_twitter\,_linkedin\):*:*:*:*:*:*:*:*
Vendors & Products Miniorange
Miniorange wordpress Social Login And Register \(discord\, Google\, Twitter\, Linkedin\)
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 09 Dec 2024 11:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.0.
Title WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.6.0 - Arbitrary Content Deletion vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-12-09T11:31:33.468Z

Updated: 2024-12-09T15:04:18.587Z

Reserved: 2023-02-06T12:38:05.559Z

Link: CVE-2023-25455

cve-icon Vulnrichment

Updated: 2024-12-09T14:58:08.147Z

cve-icon NVD

Status : Received

Published: 2024-12-09T13:15:23.460

Modified: 2024-12-09T13:15:23.460

Link: CVE-2023-25455

cve-icon Redhat

No data.