Wp Social Login and Register Social Counter < 3.0.1 – Missing Authorization to Unauthenticated Social Login/Share Status Update | CVE 2024-1763 | Plugin Vulnerabilities

Description

The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp_social/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to enable and disable certain providers for the social share and login features.

Affects Plugins

Fixed in 3.0.1

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/4f145c85-f3c6-46a7-b8ae-d486dd23087d

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Krzysztof Zając

Verified

No

WPVDB ID

169bb355-8eef-4785-8c3c-1b8d54e7e61a

Timeline

Publicly Published

2024-02-29 (about 2 years ago)

Added

2024-02-29 (about 2 years ago)

Last Updated

2024-02-29 (about 2 years ago)

Other

Published

Title

Published

2025-10-07

Title

Chartify < 3.6.0 - Missing Authentication for Administrative Function

Published

2023-03-28

Title

Elementor Pro < 3.11.7 - Subscriber+ Arbitrary Options Update

Published

2023-10-25

Title

kk Star Ratings < 5.4.6 - Missing Authorization

Published

2025-12-28

Title

H5P < 1.16.2 - Missing Authorization

Published

2024-06-21

Title

Hercules Core < 6.7 - Missing Authorization to Settings Update