CVE-2024-9501

Published Oct 26, 2024

Last updated 20 days ago

CVSS critical 9.8

Overview

Description
The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.0.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
Source
security@wordfence.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security@wordfence.com
CWE-288

Social media

Hype score
Not currently trending

  1. CVE Alert: CVE-2024-9501 - https://t.co/bfhCet1dNX #OSINT #ThreatIntel #CyberSecurity #cve_2024_9501

    @RedPacketSec

    27 Oct 2024

    62 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-9501 The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.0.7. This is due to insufficient verification on th... https://t.co/VPTtCadcEY

    @VulmonFeeds

    26 Oct 2024

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. [CVE-2024-9501: CRITICAL] Security alert: Vulnerability in Wp Social Login WordPress plugin (up to v3.0.7). Authentication bypass allows attackers to log in as any user. Update recommended to secure your site.#cybersecurity,#vulnerability https://t.co/jilaBHnYSt https://t.co/Pq1Q

    @CveFindCom

    26 Oct 2024

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-9501 The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.0.7. This is due to … https://t.co/ShmLGOOFiI

    @CVEnew

    26 Oct 2024

    786 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 Critical vuln in Wp Social Login Plugin for WordPress up to 3.0.7 (CVE-2024-9501). Improper authentication leads to compromised user accounts. Patch immediately & review logs for suspicious activity. #CyberSecurity #PluginSecurity

    @oktsec

    26 Oct 2024

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References