cleantalk
Vulnerabilities and Security Researches

BP Social Connect, CVE-2023-2704

CVE, Research URL

CVE-2023-2704

Home page URL

Security reports for BP Social Connect

Application

BP Social Connect

Published on
May 19, 2023
Research Description
The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
Affected versions
Min -, max 1.6.2.
Status
vulnerable
Previous vulnerability researches
BP Social Connect (CVE-2025-32493) , Apr 11, 2025
BP Social Connect (CVE-2023-2704) , Jun 07, 2024
New vulnerability
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025
AdminQuickbar (CVE-2025-39464) , Apr 20, 2025