Vulnerability Description
The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp_social/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to enable and disable certain providers for the social share and login features.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wpmet | Wp Social Login And Register Social Counter | <= 3.0.0 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&oldPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4f145c85-f3c6-46a7-b8aThird Party Advisory
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&oldPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4f145c85-f3c6-46a7-b8aThird Party Advisory
FAQ
What is CVE-2024-1763?
CVE-2024-1763 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp_social/v1/ REST API endpoint in all...
How severe is CVE-2024-1763?
CVE-2024-1763 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-1763?
Check the references section above for vendor advisories and patch information. Affected products include: Wpmet Wp Social Login And Register Social Counter.