CVE-2024-34675
CVSS 3.1 Score 4.6 of 10 (medium)
Details
Summary
CVE-2024-9946 is a vulnerability affecting the Super Socializer plugin for WordPress, which allows for authentication bypass in all versions up to 7.13.68. This issue arises due to insufficient verification on the user returned by the social login token, making it possible for unauthenticated attackers to log in as any existing user on the site. Email addresses are required for exploitation, and administrator accounts are not accessible by default, but are at risk if administrator authentication has been permitted via social login. The vulnerability was partially addressed in version 7.13.68.