CVE-2021-24647

Summary

The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username

Affected Software

VendorProductVersion RangeStatus
UnknownRegistration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes3.1.7.6 < 3.1.7.6affected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

References