CVE-2021-24647 Scanner

Vulnerability Overview

Pie Register, a plugin for creating custom registration forms on WordPress, has a critical security flaw in its social login process. This flaw permits attackers to bypass authentication mechanisms, potentially logging in as any user by merely knowing their user ID or username.

Vulnerability Details

The issue lies within the social login functionality of Pie Register versions prior to 3.7.1.6. Specifically, an attacker can send a crafted POST request to the login URL with manipulated parameters (social_site=true and a user-defined user_id_social_site) to achieve unauthorized access to any user account.

Possible Effects

Successful exploitation allows an attacker to:

• Access private user information.
• Perform actions with the privileges of the compromised user, including administrative tasks.
• Potentially escalate privileges or exploit further vulnerabilities within the site.

Why Choose SecurityForEveryone

SecurityForEveryone offers a comprehensive platform to detect vulnerabilities like CVE-2021-24647, providing users with:

• Automated scanning tools designed for precision and efficiency.
• Expert guidance on vulnerability remediation to secure your digital assets.
• Access to a wide range of security resources and updates on the latest cyber threats. Joining SecurityForEveryone empowers you with the knowledge and tools needed to defend against sophisticated cyber attacks, ensuring the safety and integrity of your online presence.

References

• CVE-2021-24647 on NVD
• CVE-2021-24647 Exploit on GitHub
• WPScan Vulnerability Database Entry