cleantalk
Vulnerabilities and Security Researches

WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn), CVE-2024-11087

CVE, Research URL

CVE-2024-11087

Home page URL

Security reports for WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)

Application

WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)

Published on
Mar 08, 2025
Research Description
The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username and the user does not have an already-existing account for the service returning the token.
Affected versions
Min -, max 200.3.9.
Status
vulnerable
Previous vulnerability researches
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) (CVE-2024-11087) , Mar 09, 2025
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) (92a8d2abbf57eff4cf1052d3f99e9038455a99ac) , Jun 07, 2024
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) (CVE-2023-23710) , Jun 07, 2024
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) (CVE-2023-23706) , Jun 07, 2024
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) (CVE-2023-47683) , Jun 07, 2024
New vulnerability
RomethemeKit For Elementor (CVE-2024-10326) , Mar 10, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-1926) , Mar 10, 2025
Shortcode Cleaner Lite (CVE-2025-1481) , Mar 09, 2025
All-in-One Addons for Elementor – WidgetKit (CVE-2024-10321) , Mar 09, 2025
SMTP by BestWebSoft (CVE-2024-13908) , Mar 09, 2025