WordPress.MiniOrange.Social.Login.Plugin.Authentication.Bypass
Description
This indicates an attack attempt to exploit an Authentication Bypass vulnerability in WordPress MiniOrange Social Login and Register Plugin.
The vulnerability is caused by a static encryption value used when authenticating a user. An unauthenticated attacker can exploit this with a crated request to gain the privileges of any user, including administrators.
Affected Products
WordPress MiniOrange Social Login and Register Plugin versions prior to 7.6.5
Impact
Security Bypass: Remote attackers can bypass security features of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://en-ca.wordpress.org/plugins/miniorange-login-openid/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |