{"vulnerability": "CVE-2023-2982", "sightings": [{"uuid": "52071654-f5ed-4996-826b-5ac5fcded059", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2982", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4652", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aWordPress\u793e\u4ea4\u767b\u5f55\u548c\u6ce8\u518c\uff08Discord\uff0cGoogle\uff0cTwitter\uff0cLinkedIn\uff09<=7.6.4-\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\nURL\uff1ahttps://github.com/H4K6/CVE-2023-2982-POC\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-06-30T09:20:45.000000Z"}, {"uuid": "b67f7c47-97d2-4974-9248-893e6a6ec81a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29820", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2931", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-29820\n\ud83d\udd39 Description: An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. NOTE: the vendor's perspective is that this is not a separate vulnerability relative to CVE-2023-29818 and CVE-2023-29819.\n\ud83d\udccf Published: 2023-05-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-01-24T15:32:14.167Z\n\ud83d\udd17 References:\n1. http://secureanywhere.com\n2. http://webroot.com\n3. https://www.spenceralessi.com/CVEs/2023-05-10-Webroot-SecureAnywhere/", "creation_timestamp": "2025-01-24T16:04:57.000000Z"}, {"uuid": "4e0a9005-a7e7-4037-b537-3fd6c23ac456", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2982", "type": "seen", "source": "https://t.me/ctinow/154194", "content": "https://ift.tt/5O04srF\nCS Money: Authentication Bypass to (CVE-2023-2982)", "creation_timestamp": "2023-12-08T16:12:16.000000Z"}, {"uuid": "3f5c29e2-45b5-44fc-9949-f36d37e44bf5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2982", "type": "seen", "source": "Telegram/EzQ1sn4uQVxms1w_5hRzjAPq-v3dCsokZLPWs4bgbpnxCg", "content": "", "creation_timestamp": "2023-06-29T11:47:25.000000Z"}, {"uuid": "d059868f-3d15-45ce-aced-10dec840c67d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2982", "type": "seen", "source": "Telegram/0j9RiUtANMlZahTVTcoqqQ9viONXGRsshr4wPyn2KBBtxtU", "content": "", "creation_timestamp": "2023-06-29T13:16:54.000000Z"}, {"uuid": "277fcc86-6843-4e49-a73d-95e74b4f6246", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2982", "type": "seen", "source": "https://t.me/KomunitiSiber/422", "content": "Critical Security Flaw in Social Login Plugin for WordPress Exposes Users' Accounts\nhttps://thehackernews.com/2023/06/critical-security-flaw-in-social-login.html\n\nA critical security flaw has been disclosed in miniOrange's\u00a0Social Login and Register plugin\u00a0for WordPress that could enable a malicious actor to log in as any user-provided information about email address is already known.\nTracked as CVE-2023-2982 (CVSS score: 9.8), the authentication bypass flaw impacts all versions of the plugin, including and prior to 7.6.4. It was addressed on June 14, 2023", "creation_timestamp": "2023-06-29T10:23:55.000000Z"}, {"uuid": "730a8dd8-0bf6-4c55-b395-f08d2f2141a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2982", "type": "seen", "source": "https://t.me/proxy_bar/1600", "content": "CVE-2023-2982\nWordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 - Authentication Bypass \nexploit\n\ud83d\udd25\ud83d\udd25\ud83d\udd25", "creation_timestamp": "2023-06-30T10:04:22.000000Z"}, {"uuid": "ed041e67-6f0c-49ca-b1b9-b389ecac269b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2982", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3103", "content": "Tools \ud83d\udd27 \ud83d\udd28 \ud83d\udd27  - Hackers Factory \n\n\u200b\u200bNosey Parker\n\nA command-line program that finds secrets and sensitive information in textual data and Git history.\n\nhttps://github.com/praetorian-inc/noseyparker\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200b\ud83d\udee1 eBPFShield\n\nA high-performance security tool that utilizes eBPF and Python to provide real-time IP-Intelligence and DNS monitoring. \n\nhttps://github.com/sagarbhure/eBPFShield\n\n#cybersecurity #infosec\n\n\u200b\u200bNetSoc #OSINT\n\nTool focused on extracting information from an account in various Social Networks.\n\nhttps://github.com/XDeadHackerX/NetSoc_OSINT\n\n#cybersecurity #infosec\n\n\u200b\u200bcloudtoolkit\n\nCloud Penetration Testing Toolkit\n\nhttps://github.com/404tk/cloudtoolkit\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bTomcatBackdoorPoC\n\nTomcat backdoor based on CS blog.\n\nhttps://github.com/HackingLZ/TomcatBackdoorPoC\n\nDetails:\nhttps://bit.ly/437Myhb\n\n#infosec #pentesting #redteam\n\n\u200b\u200bNoMoreCookies\n\nBrowser Protector against various stealers, written in C# & C/C++. Works by hooking NtCreateFile and prevent accessing browser files, in addition to prevent it's unhooking. compatible with various games and software.\n\nhttps://github.com/AdvDebug/NoMoreCookies\n\n#cybersecurity #infosec\n\n\u200b\u200bCVE-2023-28252\n\nUnderstanding the cve-2022-37969 windows common log file system driver local privilege escalation.\n\nhttps://github.com/fortra/CVE-2023-28252\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCVE-2023-2982\n\nWordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 - Authentication Bypass.\n\nhttps://github.com/RandomRobbieBF/CVE-2023-2982\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCVE-2023-3338\n\nPracticing different Linux kernel exploitation techniques with my DECnet vulnerability and null page mapping enabled.\n\nhttps://github.com/TurtleARM/CVE-2023-3338\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCVE-2020-9289\n\nDecrypt reversible secrets encrypted using the default hardcoded key related to CVE-2020-9289 on FortiAnalyzer/FortiManager (the only difference with CVE-2019-6693 is the encryption routine).\n\nhttps://github.com/synacktiv/CVE-2020-9289\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bPDFator\n\nInfoSec project that consists of a Python script and a C application to generate an executable payload. The payload includes functionality to write and execute a PDF file and execute shellcode. Both the PDF file and shellcode are encrypted using XOR and decrypted at runtime.\n\nhttps://github.com/smokeme/PDFator\n\n#cybersecurity #infosec\n\n\u200b\u200bUscrapper \n\n#OSINT tool that allows users to extract various personal information from a website. It leverages web scraping techniques and regular expressions to extract email addresses, social media links, author names, geolocations, phone numbers, and usernames from both hyperlinked and non-hyperlinked sources on the webpage.\n\nhttps://github.com/z0m31en7/Uscrapper\n\n#cybersecurity #infosec\n\n\u200b\u200bGold Digger\n\nA simple tool used to help quickly discover sensitive information in files recursively. Originally written to assist in rapidly searching files obtained during a penetration test.\n\nhttps://github.com/ustayready/golddigger\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bLinux-Exploit-Detection\n\nLinux-based vulnerabilities (CVE) exploit detection through runtime security using Falco/Osquery/Yara/Rego/Sigma.\n\nhttps://github.com/Loginsoft-Research/Linux-Exploit-Detection\n\n#cybersecurity #infosec\n\n\u200b\u200bdynmx \n\nSignature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces.\n\nhttps://github.com/0x534a/dynmx\n\n#cybersecurity #infosec\n\n\u200b\u200bjsluice\n\nExtract URLs, paths, secrets, and other interesting bits from JavaScript.\n\nhttps://github.com/BishopFox/jsluice\n\n#infosec #pentesting #bugbounty\n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-07-06T11:08:24.000000Z"}, {"uuid": "82c50287-b245-4d66-a000-6366d9eb8f6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2982", "type": "published-proof-of-concept", "source": "Telegram/rQMVu4dwJRh1-j8AkvL2ouV19FMmA1TDUkwtOokmEHAkfA", "content": "", "creation_timestamp": "2023-07-01T09:06:39.000000Z"}, {"uuid": "8c7d08ad-a599-459d-996e-4b3a2a2ec6ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2982", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/823", "content": "CVE-2023-2982 : WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <=7.6.4 - Authentication Bypass\nPOC : https://github.com/H4K6/CVE-2023-2982-POC", "creation_timestamp": "2023-08-15T04:30:37.000000Z"}, {"uuid": "f4a44588-f839-4654-853b-dcbc4817eaab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2982", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/5243", "content": "CVE-2023-2982\n\nWordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 - Authentication Bypass\n\nGithub \n\n#bypass #wordpress\n\u2014\u2014\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2023-06-30T13:05:41.000000Z"}, {"uuid": "a6fc0e5f-d237-4d8e-8a0e-b3351062735f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2982", "type": "seen", "source": "Telegram/hsGTKsO2ItX_AklXAGGZUWm8K-GasNSZL4ciHpnGFNK2eb4", "content": "", "creation_timestamp": "2023-07-05T19:13:39.000000Z"}, {"uuid": "cbb5eec0-b07f-45d9-a932-be4239cef492", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29820", "type": "seen", "source": "https://t.me/cibsecurity/63994", "content": "\u203c CVE-2023-29820 \u203c\n\nAn issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-12T14:26:48.000000Z"}, {"uuid": "a2358a88-34e2-4f08-b026-465f3a1bbf4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2982", "type": "published-proof-of-concept", "source": "https://t.me/reconshell/1393", "content": "WordPress Social Login and Register Authentication Bypass\n\n#AuthenticationBypass #WordPress #Exploit #Malware #Vulnerability\n#Hacking #Bugbounty #RedTeam #bugs #CVE-2023-2982 #Nuclei\n\nhttps://reconshell.com/wordpress-social-login-and-register-authentication-bypass/", "creation_timestamp": "2023-06-30T12:41:37.000000Z"}, {"uuid": "efced05c-1dbb-4ceb-830c-aa50362850cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2982", "type": "published-proof-of-concept", "source": "https://t.me/jokerplstaeen/18627", "content": "\u200b\u200bCVE-2023-2982\n\nWordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 - Authentication Bypass.\n\nhttps://github.com/H4K6/CVE-2023-2982-POC\n\n#cve #cybersecurity #infosec", "creation_timestamp": "2023-07-04T18:25:14.000000Z"}, {"uuid": "94d1b4c2-29df-4a67-a268-86596d482d42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2982", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3780", "content": "\ud83d\udd10DATALEAKS:\n\n\ud83d\udcccSocial Security Administration USA (SSA.gov) Leak : https://www.system32.ink/2023/06/social-security-administration-usa.html\n\n\ud83d\udcccElectrical4all (electrical4all.co.uk) UK Data Leak : https://www.system32.ink/2023/06/electrical4all-electrical4allcouk-uk.html\n\n\ud83d\udcccAuraXR (Mexican 'extended reality' company) DATA Leak : https://www.system32.ink/2023/06/auraxr-mexican-extended-reality-company.html\n\n\ud83d\udcccQWERT SYSTEM (South Korean POS systems) Leak : https://www.system32.ink/2023/06/qwert-system-south-korean-pos-systems.html\n\n\ud83d\udcccTelstra MyRewards (Australian rewards/coupon service) Data Leak : https://www.system32.ink/2023/06/telstra-myrewards-australian.html\n\n\ud83d\udcccDoctorAki (Colombian health website) Data Leak : https://www.system32.ink/2023/06/doctoraki-colombian-health-website-data.html\n\n\ud83d\udcccNovaPay data leak : https://www.system32.ink/2023/06/novapay-data-leak.html\n\n\ud83d\udccc3S Castle Real Estate (3skalegayrimenkul.com.tr) Data Leak : https://www.system32.ink/2023/06/3s-castle-real-estate.html\n\n\ud83e\uddeeExploits: \n\n\ud83d\udcccCVE-2023-34843 POC Traggo/server : https://www.system32.ink/2023/06/cve-2023-34843-poc-traggoserver.html\n\n\ud83d\udcccCVE-2023-2982 Exploit WordPress Social Login and Register Plugin : https://www.system32.ink/2023/06/cve-2023-2982-exploit-wordpress-social.html\n\n\ud83d\udee0Tools:\n\n\ud83d\udcccATSCAN SCANNER - Advanced dork Search & Mass Exploit Scanner : https://www.system32.ink/2023/06/atscan-scanner-advanced-dork-search.html\n\n\ud83d\udcccDecrypt FortiManager configuration secrets (CVE-2020-9289) : https://www.system32.ink/2023/06/decrypt-fortimanager-configuration.html\n\n\ud83d\udcccNoMoreCookies - Browser Protector against various Stealers : https://www.system32.ink/2023/06/nomorecookies-browser-protector-against.html\n\n\ud83d\udc00RAT:\n\n\ud83d\udcccEverspy v1.1 Rat : https://www.system32.ink/2023/06/everspy-v11-rat-cracked-download.html\n\n\ud83e\udee5SCAMPAGE:\n\n\ud83d\udcccBellco Credit Union Scampage : https://www.system32.ink/2023/06/bellco-credit-union-phishing-page.html", "creation_timestamp": "2023-06-30T15:51:30.000000Z"}, {"uuid": "d70d94cc-4633-47b4-a6de-b27e792b36ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29824", "type": "seen", "source": "https://t.me/cibsecurity/66165", "content": "\u203c CVE-2023-29824 \u203c\n\nA use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-07T00:20:39.000000Z"}, {"uuid": "b2ec97fa-d976-4e9a-9e74-d6a58cf7dd3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29827", "type": "seen", "source": "https://t.me/cibsecurity/63298", "content": "\u203c CVE-2023-29827 \u203c\n\nejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-04T18:33:20.000000Z"}, {"uuid": "b6318ca5-4850-470c-8653-3386e2a0fca3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2982", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8602", "content": "#exploit\n1. CVE-2023-2982:\nWordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <=7.6.4 - Authentication Bypass\nhttps://github.com/H4K6/CVE-2023-2982-POC\n\n2. CVE-2023-2934:\nChrome Mojo Message Validation Bypass\nhttps://packetstormsecurity.com/files/173259/Chrome-Mojo-Message-Validation-Bypass.html\n\n3. CVE-2023-3439:\nLinux MCTP UaF in mctp_sendmsg\nhttps://seclists.org/oss-sec/2023/q3/0", "creation_timestamp": "2023-07-03T17:03:55.000000Z"}, {"uuid": "cd4f5c46-20a2-47e5-a398-95a518972a87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29827", "type": "seen", "source": "https://bsky.app/profile/andresbohren.bsky.social/post/3mmubm7gb3s22", "content": "\ud83d\udea8New #JabraDirect Version has been published\n- Addresses several vulnerabilities:\nCVE-2025-22871, CVE-2024-24790, CVE-2023-24531, CVE-2023-29827\ntinyurl.com/5f7mmkvf", "creation_timestamp": "2026-05-27T19:48:15.994136Z"}]}