The OTP-less one tap Sign in plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.14 to 2.0.59. This is because the plugin does not properly validate a user's identity before updating their details, such as their email address. This makes it possible for unauthenticated attackers to change arbitrary users' email addresses, including administrators', and leverage that to reset the user's password and gain access to their account. Additionally, the plugin returns authentication cookies in the response, which can be used to access the account directly.

Popular Social Accounts for Cybersecurity

A curated list of reliable cybersecurity social media accounts, ensuring you have direct access to up-to-date security information.

@0xor0ne : CyberSecurity | Reverse Engineering | C and Rust | Exploit | Linux kernel | PhD | My Tweets, My Opinions :)

@3xp0rt : Malware and cybercrime | Cyber Threat Intelligence Analyst at @PRODAFT

@7h3h4ckv157 : Hacker | Hall of Fame: Google, Apple, NASA, X (FKA Twitter) | Speaker: BlackHat MEA x1 | CVE x4 | HTB Rank: Guru | P1 warrior - Bugcrowd | CS Engineer

@Adam Chester : Hacker for Hire at @SpecterOps | Research at http://blog.xpnsec.com

@Aditya Shende : MS Cyber 🇬🇧 | Work @BforeAI | @Bugcrowd Top 100 | Bug Bounty Trainer | Keynote Speaker | Professional Biker | @kong_sec 🇮🇳 | Own Views ≠ Employment

@Alexander Borges : Vulnerability Researcher and Exploit Developer (b. sky: alexandreborges)

@Arkbird : Malware slayer

@Azeria : Sneaky bit flipper | Trainer @azeria_labs | Author of Arm Assembly Internals & RE @BlueFoxBook | Adjunct Professor @SAISHopkins | Forbes 30u30

@Binni Shah : Linux Evangelist, Malwares, Security enthusiast, Investor, Contrarian, Philanthropist, Reformist, Sigma female

@Brett Buerhaus : security research, bug bounty, and puzzles

@Brute Logic : #CyberSecurity | #XSS | #WAF #bypass | #hack2learn | @RodoAssis | @KN0X55 | https://X55.is

@Chetan Nayak : Founder Dark Vortex/Brute Ratel | Former RedTeam

@Chris Evans : CISO and Chief Hacking Officer at HackerOne. Past: Founded {vsftpd, Chrome security, Google Project Zero}; Tesla; Dropbox. Hacker / Researcher. beebjit.

@Clandestine : Security | Osint | Threat Research | Opsec | Threat Intelligence | Infosec | Threat Hunting

@Dark Web Informer : I provide intel from some of the darkest places on the Dark Web & Clearnet. Breaches, Darknet Markets, Ransomware, Threat Alerts, & more!

@Daily OSINT : Daily Open Source Intelligence Powered by @SOCRadar XTI®

@Dan Goodin : Reporter covering security at Ars Technica. DM me on Signal: DanArs.82.

@Dark Reading : One of the most widely read and trusted cybersecurity news sites, providing IT security professionals informed insights into the latest news and trends.

@DarkFeed : Cyber Threat Intelligence Platform, Putting things at order in the ransomware crazy world

@DOCGuard : Analyze Malwares in seconds!

@Dr. Anton Chuvakin : Information security - #SIEM, #DFIR, #EDR formerly at Gartner! Now @GoogleCloud Office of the #CISO

@Enderman : A software engineer, a malware enthusiast and most importantly, a weird tall creature. I poke tech and act surprised when it breaks.

@Eugene Kaspersky : CEO of @Kaspersky. 30+ years in #cybersecurity. Views are my own

@Geekboy : Hacker, Co-Founder @pdiscoveryio, Ex-Security Analyst / BugBounty @Hacker0x01

@Godfather Orwa : Hacker | Bug Hunter | Cooker | Top 3 P1 Warrior On http://bugcrowd.com/OrwaGodfather | http://hackerone.com/mr-hakhak | LevelUpX Champion | 10+ 0Days/CVEs

@Grzegorz Tworek : My own research, unless stated otherwise. Not necessarily "safe when taken as directed". GIT d- s+: a+ C++++ !U !L !M w++++$ b++++ G-

@hackerfantastic.x : Co-Founder @myhackerhouse & http://dcentral.finance. Cybersecurity & blockchain expert. Author of Hands-on Hacking (ISBN 9781119561453). Offensive Lua. #Web3

@haksec.io : Penetration testing | Cybersecurity consulting | Appsec training | Born in Australia, serving customers globally

@hasherezade : Programmer, #malware analyst. Author of #PEbear, #PEsieve, #TinyTracer.

@Hussein Daher : Entrepreneur, Hacker

@Igal Lytzki : Security Researcher at @msftsecurity | Ex - Perception Point Threat Analyst & Team Lead

@James Forshaw : Security researcher in Google Project Zero. Author of Attacking Network Protocols.

@James Kettle : Director of Research at PortSwigger aka Burp Suite. Find my research, tools & contact details at https://jameskettle.com

@John DiMaggio : Bad guy chaser, writer/author, espionage & ransomware SME. Sometimes I harass my dog. He is the brains behind these projects and opinions are his.

@John Hammond : Cybersecurity Researcher @HuntressLabs || Just Hacking Training @JustHackingCo w/ @ethicalhacker || https://jh.live/training || https://jh.live/newsletter

@Jon Bottarini : Security Stuff @Google - I post about bug bounties, infosec, and everything in between. This is a personal account. Formerly: @Hacker0x01

@Joseph Cox : Hacking/crime/privacy journalist. Author of DARK WIRE. Co-founder of @404mediaco

@Joshua J. Drake : Securing the future through modern technology. Founder and Software Security Specialist at @magnetitesec

@Justin Elze : CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars

@Katie Paxton-Fear : Dr, apparently. API Sec @traceableai, Lecturer & Hacker. #BugBounty hunter & #infosec YouTuber. APIs & Interlinked OffSec, PhD in AI+Sec @hacknotcrime. she/her

@klez : Independent Cyber Security Researcher - Opinions are my own

@Kuba Gretzky : Offensive security tools developer. Malware dev, bedroom DJ & ex-MMO game hacker. Creator of Evilginx / Bartender @ BREAKDEV RED.

@Lenny Zeltser : Advances cybersecurity. Grows tech businesses. Fights malware. // CISO at @AxoniusInc. Author and Faculty Fellow at @SANSInstitute. Creator of @REMnux.

@LiveOverFlow : wannabe hacker... he/him

@Luke Stephens : Hacker, marketer. I manage socials and produce amazing technical blogs for cybersecurity orgs. Founder of @hacker_content and @haksecio

@Max_Malyutin : Threat Researcher, Blue Team, DFIR, Malware Analysis, and Reverse Engineering.

@Mohammed Aldoub : Trainer & Cyber Security Consultant, DEFCON, SANS & RSA Speaker, CISSP GWAPT

@mr.d0x : Security researcher | Co-founder http://maldevacademy.com | http://lots-project.com | http://malapi.io | http://filesec.io

@Mr.Un1k0d3r : I don't know how to search on Google so I do research on my own and tweet about it. Hacking as a life style.

@NahamSec : Cofounder @hackinghub_io | Advisor @CaidoIO. I hack companies and make content about it. #NahamCon organizer. ex @hacker0x01

@Natalie Silvanovich : Tamagotchi Hacker. Google Project Zero. She/her.

@Paula Januszkiewicz : Security Expert | Penetration Tester | CQURE Owner

@proxylife : DFIR | Malware Hunter | @Cryptolaemus1

@pwn() : wannabe polymath

@Rana Khalil : AppSec Team Lead | OSCP | CEO & Instructor of @ranakhalilacad

@Rasta Mouse : Be kind, be brave, be principled.

@Runa Sandvik : Founder of @GranittHQ, securing journalists and at-risk people around the world.

@RussianPanda : Researcher @TRACLabs_ | Threat Hunter | Malware Addict

@S3cur3Th1sSh1t : Pentesting, scripting, pwning!

@Sam Curry : Hacker, bug bounty hunter. Run a blog to better explain web application security.

@Sami Laiho : Chief Research Officer (opinions are my own) / #1 & #2 at Ignite 2018 / Best Session - NIC x 5 / MVP Windows OS / http://win-fu.com / PluralsightAuthor

@Schneier Blog : Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a "security guru"

@Shubham Sharma : In cybersecurity, you should be eager to learn new things.

@Smukx.E : #Malware, #RedTeaming. 20 Y/o. Tweets are my thoughts. See Highlights for work related posts.

@Somdev Sangwan : Security Researcher

@STÖK : Hi.. im that hacker / creative that your friends told you about.

@(╯°□°)╯︵ S︵ T︵U : Consulting Director @ Unit42 | ❤️OSINT |✍️ CTI & Analytics book ~2025, Tracelabs Black badge x3 | Ex-@themanyhatsclub | #cyber Views my own not employers

@SwiftOnSecurity : computer security person. former helpdesk.

@Tavis Ormandy : Vulnerability researcher at Google. This is a personal stream, opinions expressed are mine.

@Thomas Roccia : Sr. Threat Researcher @Microsoft, Malware Warlock, ThreatIntel, Python🧡 - Former @McAfee_labs, Goon @Defcon, Creator #UnprotectProject - Tweets = my own

@Tib3rius : Web App Hacker @NetSPI | Educator | Content Creator | UwU-Anointed Wapp King | Ex-Brit | http://linktr.ee/tib3rius (he/him) 🇺🇸 @illyrian598 is BFF.

@TomNomNom : Open-source tool maker/hacker. Author of gron, anew, and a dozen dinky security tools. He/him. Tools: github.com/tomnomnom

@Trend Zero Day Initiative : Trend Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.

@Unit 42 : The latest research and news from Unit 42, the Palo Alto Networks (@paloaltontwks) Threat Intelligence and Security Consulting Team covering incident response.

@Vx Underground : The largest collection of malware source code, samples, and papers on the internet.

@Will Schroeder : Researcher @SpecterOps. Coding towards chaotic good while living on the decision boundary.

@x86matthew : C / asm / system emulation / reverse engineering.

@zseano : #1 Amazon Security Researcher. hacking with @jonathanbouman @fransrosen @avlidienbrunn