Tracked as CVE-2023-2982 (CVSS score: 9.8), the authentication bypass flaw affects all versions of the plugin up to and including 7.6.4. This was addressed on June 14, 2023, with the release of version 7.6.5 following the attributed disclosure on June 2, 2023.
Wordfence researcher Istvan Maarten said, “This vulnerability makes it possible for an unauthenticated attacker to gain access to any account on a site, including accounts used to administer the site, if the attacker obtains the associated email addresses.”
The problem lies in the fact that the encryption key used to secure the information during login using social media accounts is hard-coded, thus creating a situation where attackers can use the information to identify the user. Can create a valid request with the appropriate encrypted email address.
If the account belongs to a WordPress site administrator, this could result in a complete compromise. The plugin is used on over 30,000 sites.
This advisory comes after the discovery of a high-severity flaw affecting the Learndash LMS plugin, a WordPress plugin with over 100,000 active installations, that could allow any user with an existing account to reset arbitrary user passwords including users with administrator access.
The bug (CVE-2023-3105, CVSS score: 8.8), has been patched in version 4.6.0.1, which shipped on June 6, 2023.
This comes a few weeks after Patchstack detailed a cross-site request forgery (CSRF) vulnerability in the UpdraftPlus plugin (CVE-2023-32960, CVSS score: 7.1), which could allow an unauthenticated attacker to steal sensitive data and kill users. may allow him to escalate the privilege by cheating. With administrative permission to visit a generated WordPress site URL.
