Wordfence Vulnerability Report

  • mcmwebsol

    (@mcmwebsol)


    8 months, 1 week ago

    Is this going to get fixed soon?

    The Plugin “Social Login, Social Sharing by miniOrange” has a security vulnerability.Type: Plugin Vulnerable

    Critical

    The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username and the user does not have an already-existing account for the service returning the token.

Viewing 1 replies (of 1 total)
  • svedu

    (@svedu)

    2 months, 2 weeks ago

    Wow. This was discovered over 5 months ago…. yet there is no fix so far? Wonder if MO intends for everyone to uninstall the plugin. I like it otherwise, but can’t take chances with security. So, unless there is an update in the next few days, I may have to uninstall this plugin.

Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.