CVE-2023-47683
WordPress Social Login, Social Sharing by miniOrange plugin <= 7.6.6 - Authenticated Privilege Escalation vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Improper Privilege Management vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Privilege Escalation.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.6.
Una vulnerabilidad de gestiĆ³n de privilegios incorrecta en miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) permite la escalada de privilegios. Este problema afecta a miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): desde n/a hasta 7.6.6 .
The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 7.6.6. This is due to the plugin improperly restricting user meta values that can be updated and allowing users to control a user role update during a social login through the custom registration form. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator. We believe that this vulnerability requires the Custom Registration Add-on to be enabled, however, this is simply based on our assessment with the limited information available.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2023-11-08 CVE Reserved
- 2023-11-09 CVE Published
- 2024-05-18 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-269: Improper Privilege Management
CAPEC
- CAPEC-233: Privilege Escalation
References (1)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Miniorange Login Openid Search vendor "Miniorange Login Openid" | Miniorange Login Openid Search vendor "Miniorange Login Openid" for product "Miniorange Login Openid" | >= 0.0.0 <= 7.6.6 Search vendor "Miniorange Login Openid" for product "Miniorange Login Openid" and version " >= 0.0.0 <= 7.6.6" | en |
Affected
|