Published On: Aug 16, 2024 18:36
Advisory No: TZCERT-SA-24-0010
Source: woo-social-login
Software Affected: woo-social-login
The WordPress plugin woo-social-login is affected by a critical vulnerability. Successful exploitation allows unauthenticated privilege escalation.
The WordPress plugin woo-social-login is affected by the vulnerability tracked as CVE-2024-6636, which has a CVSS score of 9.8. The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function. An unauthenticated attacker can exploit the vulnerability to change the default role to Administrator while registering for an account.
Successful exploitation of this vulnerability may allow an attacker to gain unauthorized administrative access to the WordPress site.
WordPress has released a security patch for this vulnerability. Users and administrators are encouraged to apply the necessary updates.
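The following is an added illustration written for this advisory; it is not code from the woo-social-login plugin, and the advisory does not disclose the plugin's actual implementation. It shows, in a hypothetical social-login registration handler, the general pattern the advisory describes (a registration path that lets the caller influence the role of the new account without a capability check) next to a hardened version that takes the role from site configuration and only honours another role for an authenticated caller who may promote users. The function names, the 'requested_role' parameter and the nonce action name are invented for this example; the WordPress API calls (wp_insert_user, current_user_can, get_option, wp_roles) are real.

```php
<?php
// Added example for this advisory, not the plugin's code. Function and
// parameter names below are hypothetical.

// Vulnerable shape: the role of the new account is taken from request data,
// and nothing checks whether the (unauthenticated) caller may assign it.
function example_social_register_vulnerable( array $request ) {
    $email = sanitize_email( $request['email'] ?? '' );
    $role  = $request['requested_role'] ?? get_option( 'default_role' );

    return wp_insert_user( array(
        'user_login' => $email,
        'user_email' => $email,
        'user_pass'  => wp_generate_password(),
        'role'       => $role, // caller-controlled: this is the missing check
    ) );
}

// Hardened shape: the default role comes from the site's configuration, a
// non-default role requires a logged-in caller with the promote_users
// capability, and the role must be one the site actually defines.
function example_social_register_hardened( array $request ) {
    // CSRF guard for the AJAX action; this is not the authorization check.
    check_ajax_referer( 'example_social_register', 'nonce' );

    $email = sanitize_email( $request['email'] ?? '' );
    if ( ! is_email( $email ) ) {
        return new WP_Error( 'invalid_email', 'A valid email address is required.' );
    }
    if ( email_exists( $email ) ) {
        return new WP_Error( 'email_exists', 'An account already exists for this address.' );
    }

    // Always start from the configured default role, never from request data.
    $role = get_option( 'default_role', 'subscriber' );

    // Only an authenticated caller allowed to promote users may pick another
    // role, and only one that exists on this site.
    if ( isset( $request['requested_role'] ) ) {
        $requested = sanitize_key( $request['requested_role'] );
        if ( is_user_logged_in()
            && current_user_can( 'promote_users' )
            && wp_roles()->is_role( $requested ) ) {
            $role = $requested;
        }
    }

    return wp_insert_user( array(
        'user_login' => $email,
        'user_email' => $email,
        'user_pass'  => wp_generate_password( 24, true ),
        'role'       => $role,
    ) );
}
```

The point of the hardened version is that registration-time role assignment is decided by the site (get_option('default_role')) and, where a caller is allowed to override it, by a capability check (current_user_can('promote_users')) rather than by trusting the request. Administrators of affected sites should apply the update and review the Users list for unexpected accounts holding the Administrator role.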
A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.