CVE-2024-9501 – Cisco Mercury Social Login Authentication Bypass

10月 26, 2024
2:16 pm

CVE ID : CVE-2024-9501

Published : Oct. 26, 2024, 1:15 p.m. | 1 hour, 1 minute ago

Description : The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.0.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-9501 – Cisco Mercury Social Login Authentication Bypass

Elvescore.io

Recent Posts

CVE-2024-8447 – Narayana LRA Coordinator Denial of Service Vulnerability

CVE-2024-48197 – Audiocodes MP-202b Cross Site Scripting Privilege Escalation

CVE-2024-56199 – phpMyFAQ HTML Injection Vulnerability

CVE-2025-0173 – SourceCodester Online Eyewear Shop SQL Injection Vulnerability

CVE-2024-11716 – CTFd Team Bracket Reassignment Vulnerability ( Privilege Escalation )

CVE-2024-11717 – CTFd TokenForgeable Authentication

CVE-2024-9501 – Cisco Mercury Social Login Authentication Bypass

CVE-2024-9501 – Cisco Mercury Social Login Authentication Bypass