The Elated Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.2. This is due to the plugin not properly logging in a user with the data that was previously verified through the 'eltdf_membership_check_facebook_user' and the 'eltdf_membership_login_user_from_social_network' function. This makes it possible for unauthenticated attackers to log in as administrative users, as long as they have an existing account on the site which can easily be created by default through the temp user functionality, and access to the administrative user's email.
The plugin improperly handles the user login process after data verification through the 'eltdf_membership_check_facebook_user' and 'eltdf_membership_login_user_from_social_network' functions. Verified data is not properly linked to the login session, allowing an attacker to bypass the authentication mechanism. The attacker must have an existing account on the site (which can be easily created through the default temporary user functionality) and know the administrator account email address, after which they can log in to that account without knowing the password.
An attacker can gain full administrative access to the WordPress website, enabling takeover of the service, data theft, installation of malicious software, and modification or deletion of page content.
Apply patches available from the vendor according to references. Additionally, it is recommended to disable the temporary user registration functionality if not required, and monitor access logs for suspicious login attempts.
Elated Membership plugin for WordPress in all versions up to and including 1.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H