Security for everyone

CVE-2021-24647 Scanner

Detects 'Unauthenticated Arbitrary Login' vulnerability in Pie Register plugin for WordPress affects v. before 3.7.1.6.

SCAN NOW

Short Info


Level

High

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

CVE-2021-24647 Scanner Detail

Vulnerability Overview

Pie Register, a plugin for creating custom registration forms on WordPress, has a critical security flaw in its social login process. This flaw permits attackers to bypass authentication mechanisms, potentially logging in as any user by merely knowing their user ID or username.

Vulnerability Details

The issue lies within the social login functionality of Pie Register versions prior to 3.7.1.6. Specifically, an attacker can send a crafted POST request to the login URL with manipulated parameters (social_site=true and a user-defined user_id_social_site) to achieve unauthorized access to any user account.

Possible Effects

Successful exploitation allows an attacker to:

  • Access private user information.
  • Perform actions with the privileges of the compromised user, including administrative tasks.
  • Potentially escalate privileges or exploit further vulnerabilities within the site.

Why Choose SecurityForEveryone

SecurityForEveryone offers a comprehensive platform to detect vulnerabilities like CVE-2021-24647, providing users with:

  • Automated scanning tools designed for precision and efficiency.
  • Expert guidance on vulnerability remediation to secure your digital assets.
  • Access to a wide range of security resources and updates on the latest cyber threats. Joining SecurityForEveryone empowers you with the knowledge and tools needed to defend against sophisticated cyber attacks, ensuring the safety and integrity of your online presence.

References

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture