The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
The vulnerability results from insufficient verification of user identity returned by a social login token. An attacker who knows a given user's email address and provided that user does not already have an account linked to that social service can exploit this mechanism to log in to the victim's account. Token verification does not properly check the connection between the identity returned by the provider and the actual account on the WordPress site.
An attacker can take complete control over any user account on the website, including administrator accounts, enabling unauthorized access to the management panel, content modification, installation of malicious software, or complete takeover of the WordPress service.
Update the wpDiscuz plugin to a version higher than 7.6.24, in which the fix was introduced according to the change available in the plugin repository (changeset 3164486). It is also recommended to conduct an audit of access logs to detect any potential unauthorized login attempts.
Comments – wpDiscuz plugin (publisher: Gvectors) for WordPress in all versions up to and including 7.6.24
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGvectors Wpdiscuz
APPGvectors< 7.6.25
Related vulnerabilities
SQL Injection w wtyczce WordPress wpDiscuz (getAllSubscriptions)
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, ...
A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers ...
wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users...
Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthent...