CVE-2023-2982
Published 2023-06-29
Priority P1 89 · critical 9.8 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW exploit · VulnCheck KEV · Initial access
Exploited in the wild
EPSS: 46.95% (98.7th percentile)
The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| miniorange | wordpress_social_login_and_register | < 7.6.5 | 7.6.5 |
Detection & IOCs (extracted from sources)
- url: `POST / HTTP/1.1` with body `option=moopenid&email=uzmpvjPBmwEO3tFXq0vlJg%3D%3D&appName=rlHeqZw2vrPzOiWWfCParA%3D%3D`
- Detect exploit attempts by monitoring POST requests to the WordPress root (`/`) with the body parameter `option=moopenid`, which is the trigger for the authentication bypass in the Miniorange Social Login plugin.
- A successful exploitation results in an HTTP 302 redirect response AND the presence of `wordpress_sec_` or `wordpress_logged_in_` cookies being set; monitor for this combination following a POST with `option=moopenid`.
- The exploit payload uses Base64-encoded (encrypted) values for the `email` and `appName` POST parameters. Look for URL-encoded Base64 strings (e.g., `%3D%3D` padding) in these fields as a signature of exploitation attempts.
- The vulnerability exists in the plugin file `mo-openid-social-login-functions.php` at line 107. Audit or monitor file integrity of this path in WordPress installations running miniorange-login-openid plugin versions <= 7.6.4.
- The vulnerability allows unauthenticated attackers to log in as any existing user (including administrators) if they know the target's email address. Monitor for unexpected admin-level session creation without a prior authentication flow.
- The vulnerability was only partially patched in version 7.6.4 and fully patched in version 7.6.5. Detection rules targeting version checks must account for both 7.6.3 and 7.6.4 as vulnerable.
- The Nuclei template targets the WordPress root path (`/`) with `Content-Type: application/x-www-form-urlencoded`. Detection must be scoped to WordPress sites with the miniorange-login-openid plugin installed, as the `option=moopenid` parameter is plugin-specific.
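The detection points above (POST to `/` with `option=moopenid`, Base64-looking `email`/`appName` values, and a 302 plus a `wordpress_sec_`/`wordpress_logged_in_` cookie marking a likely successful bypass) can be combined into one log-scanning rule. The following is an added example written for this page, not code from the page's sources or from the plugin vendor. It assumes JSON-lines request/response records from a reverse proxy with the fields `method`, `path`, `body`, `status` and `set_cookie`; those field names and the sample records are constructed for the example (the parameter values are the ones quoted in the IoC list).

```python
"""Scan JSON-lines proxy records for CVE-2023-2982 exploitation indicators."""
import json
import re
from typing import Iterable, Optional
from urllib.parse import parse_qs

# Cookies WordPress sets on a successful login (named in the IoC list above).
LOGIN_COOKIE_RE = re.compile(r"^(wordpress_sec_|wordpress_logged_in_)")
# A Base64 token once URL-decoded: Base64 alphabet plus up to two '=' padding chars.
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

# Constructed sample log (assumed field names: method, path, body, status, set_cookie).
SAMPLE_LOG = """
{"method": "GET", "path": "/", "body": "", "status": 200, "set_cookie": []}
{"method": "POST", "path": "/", "body": "option=moopenid&email=uzmpvjPBmwEO3tFXq0vlJg%3D%3D&appName=rlHeqZw2vrPzOiWWfCParA%3D%3D", "status": 302, "set_cookie": ["wordpress_logged_in_0123abcd=admin%7C1700000000; Path=/; HttpOnly"]}
{"method": "POST", "path": "/", "body": "option=moopenid&email=uzmpvjPBmwEO3tFXq0vlJg%3D%3D&appName=rlHeqZw2vrPzOiWWfCParA%3D%3D", "status": 200, "set_cookie": []}
{"method": "POST", "path": "/wp-login.php", "body": "log=admin&pwd=REDACTED", "status": 302, "set_cookie": ["wordpress_logged_in_0123abcd=admin%7C1700000000; Path=/; HttpOnly"]}
""".strip().splitlines()


def classify(record: dict) -> Optional[dict]:
    """Return a finding dict for a record that matches the IoCs, else None.

    verdict is 'attempt' for any POST / carrying option=moopenid and
    'likely_success' when the response was a 302 that also set a login cookie.
    """
    if record.get("method") != "POST" or record.get("path") != "/":
        return None
    params = parse_qs(record.get("body", ""), keep_blank_values=True)
    if params.get("option") != ["moopenid"]:
        return None
    # Which of the two payload fields look like (URL-decoded) Base64 blobs.
    encoded = [
        name for name in ("email", "appName")
        if any(B64_RE.match(value) for value in params.get(name, []))
    ]
    cookies = record.get("set_cookie") or []
    login_cookie = any(LOGIN_COOKIE_RE.match(c) for c in cookies)
    verdict = "likely_success" if record.get("status") == 302 and login_cookie else "attempt"
    return {"verdict": verdict, "encoded_params": encoded, "login_cookie_set": login_cookie}


def scan(lines: Iterable[str]) -> list:
    """Classify every parseable JSON record; skip blank or malformed lines."""
    findings = []
    for number, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        finding = classify(record)
        if finding:
            findings.append({"line": number, **finding})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The ordinary `/wp-login.php` login in the sample also produces a 302 with a `wordpress_logged_in_` cookie but is not flagged, because the rule is keyed on the plugin-specific `option=moopenid` parameter rather than on the cookie alone; as the last IoC notes, the rule should still be scoped to hosts where the plugin is installed.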
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | | 9.8 | CRITICAL | |
VulDB
Social Login and Register Plugin up to 7.6.4 on WordPress improper authentication (ID 2924863)
vuldb·2026-04-10·CVSS 9.8
CVE-2023-2982 [CRITICAL] Social Login and Register Plugin up to 7.6.4 on WordPress improper authentication (ID 2924863)
A vulnerability classified as critical was found in Social Login and Register Plugin up to 7.6.4 on WordPress. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to improper authentication.
This vulnerability is registered as CVE-2023-2982. The attack requires access to the local network. No exploit is available.
GHSA
GHSA-rx5f-42wm-7p9j: The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions u
ghsa_unreviewed·2023-06-29
CVE-2023-2982 [CRITICAL] CWE-288 GHSA-rx5f-42wm-7p9j: The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions u
VulnCheck
WordPress Social Login and Register plugin for WordPress Authentication Bypass
vulncheck·2023·CVSS 9.8
CVE-2023-2982 [CRITICAL] WordPress Social Login and Register plugin for WordPress Authentication Bypass
Affected: miniorange wordpress_social_login_and_register_(discord,_google,_twitter,_linkedin)
Required Action: Apply remediations or mitigations per vendor instruc
No detection rules found.
Nuclei
Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass
nuclei·CVSS 9.8
CVE-2023-2982 [CRITICAL] Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass
Template:
```yaml
id: CVE-2023-2982
info:
  name: Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass
  author: ritikchaddha
  severity: critical
  description: |
    The WordPre
```
Dfir Report
Lets Open(Dir) Some Presents: An Analysis of a Persistent Actor’s Activity
blogs_dfir_report·2023-12-18
Greynoiseio
NoiseLetter September 2025
blogs_greynoiseio
HackerOne
Authentication Bypass to (CVE-2023-2982)
hackerone·2023-12-08·CVSS 9.8
CVE-2023-2982 [CRITICAL] Authentication Bypass to (CVE-2023-2982)
An older version of the WordPress plugin `WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)`, which was vulnerable to authentication bypass, was in use on the cs.money blog.
References
- https://lana.codes/lanavdb/2326f41f-a39f-4fde-8627-9d29fff91443/
- https://plugins.trac.wordpress.org/browser/miniorange-login-openid/trunk/mo-openid-social-login-functions.php#L107
- https://plugins.trac.wordpress.org/changeset/2924863/miniorange-login-openid
- https://plugins.trac.wordpress.org/changeset/2925914/miniorange-login-openid
- https://www.wordfence.com/threat-intel/vulnerabilities/id/08ca186a-2486-4a58-9c53-03e9eba13e66?source=cve