Share
## https://sploitus.com/exploit?id=13A3CBAF-7046-516F-BACE-F8E7DC2C85F4
# CVE-2023-2982
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 - Authentication Bypass

WordPress社交登录和注册(Discord,Google,Twitter,LinkedIn)<=7.6.4-绕过身份验证


Info
---
`
The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.
`

`
WordPress的社交登录和注册(Discord、谷歌、推特、领英)插件在7.6.4之前(含7.6.4)的版本中易受身份验证绕过的影响。这是由于在通过插件验证的登录过程中提供的用户加密不足。这使得未经身份验证的攻击者有可能以网站上任何现有用户(如管理员)的身份登录,前提是他们知道与该用户相关的电子邮件地址。这在版本7.6.4中进行了部分修补,在版本7.6.5中进行了完全修补。
`

`This exploit will crawl the website for any email addresses it can find and try them if an email address it not supplied.`

`此漏洞将在网站上爬网它能找到的任何电子邮件地址,并在没有提供电子邮件地址的情况下进行尝试`

Requires
---
* Katana - `go install github.com/projectdiscovery/katana/cmd/katana@latest`
* Nuclei - `go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest`


Usage
---
```
usage: CVE-2023-2982.py [-h] -w WEBSITE_URL [-e EMAIL]

CVE-2023-2982.py

options:
  -h, --help            show this help message and exit
  -w WEBSITE_URL, --website_url WEBSITE_URL
                        Website URL
  -e EMAIL, --email EMAIL
                        Email
```