CVE-2023-2982

CRITICAL · EXPLOITED · NUCLEI

WordPress Social Login and Register <= 7.6.4 - Authentication Bypass via Insufficient Encryption

Exploitation Summary

CVE-2023-2982 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public exploits from researchers including RandomRobbieBF, H4K6 and wshinkle. A Nuclei detection template is also available.

AI-analyzed exploit summary: This PoC exploits an authentication bypass vulnerability in the WordPress Social Login and Register plugin (CVE-2023-2982) by encrypting and encoding an email address to bypass login validation. It can either test a specific email or crawl the target website for emails using Katana and Nuclei.

Description

The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption of the user identifier supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.

Exploits (4)

nomisec · WORKING POC · 82 stars
by RandomRobbieBF · remote
https://github.com/RandomRobbieBF/CVE-2023-2982

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4
Authentication: No auth needed
Prerequisites: Target website URL · Optional: Valid email address associated with a user account
devstral-2 · analyzed Feb 16, 2026
nomisec · WORKING POC · 8 stars
by H4K6 · remote
https://github.com/H4K6/CVE-2023-2982-POC

This PoC exploits an authentication bypass vulnerability in the WordPress Social Login and Register plugin by encrypting and encoding an email address to bypass login validation. It can either use a provided email or crawl the target website for emails using Katana and Nuclei.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4
Authentication: No auth needed
Prerequisites: Target website URL · Optional: Valid email address associated with a user account
devstral-2 · analyzed Feb 16, 2026
nomisec · WORKING POC
by wshinkle · infoleak
https://github.com/wshinkle/CVE-2023-2982

This PoC exploits CVE-2023-2982 by encoding email and app name using AES-ECB encryption and sending them to a target host to bypass authentication. It checks for WordPress cookies in the response to confirm successful exploitation.

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: WordPress with miniOrange's OpenID Connect plugin
Authentication: No auth needed
Prerequisites: Target host running vulnerable WordPress plugin · Network access to the target
devstral-2 · analyzed Feb 16, 2026
nomisec · WORKING POC
by LoaiEsam37 · client-side
https://github.com/LoaiEsam37/CVE-2023-2982

This PoC exploits CVE-2023-2982, an authentication bypass vulnerability in miniOrange's Social Login and Register plugin for WordPress. It automates the login process by encrypting and encoding email addresses, then attempting to authenticate via a crafted POST request.

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: miniOrange Social Login and Register plugin for WordPress (versions <= 7.6.4)
Authentication: No auth needed
Prerequisites: Target WordPress site with vulnerable miniOrange plugin · List of potential user emails in input.txt
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass
CRITICAL · VERIFIED · by ritikchaddha

Scores

CVSS v3: 9.8
EPSS: 0.7012
EPSS Percentile: 98.7%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Source: Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

VulnCheck KEV: 2023-12-18
CWE: CWE-288
Status: published
Products (2):
cyberlord92/miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) < 7.6.4
miniorange/wordpress_social_login_and_register_\(discord\,_google\,_twitter\,_linkedin\) < 7.6.5
Published: Jun 29, 2023
Tracked Since: Feb 18, 2026