CVE-2024-10020
CVSS 3.1 Score 8.1 of 10 (high)
Details
Summary
CVE-2024-10020 is a vulnerability affecting the Heateor Social Login plugin for WordPress. The issue, present in all versions up to 1.1.35, stems from insufficient user verification during the social login process. As a result, unauthenticated attackers can potentially log in as any existing user, provided they have access to the user's email and the user does not already have an account for the affected service. This could lead to unauthorized access and potential data compromise. Importantly, while administrator accounts cannot be accessed by default in this way, they remain vulnerable if explicit social login authentication for administrators has been enabled.