The plugin was affected by an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s email address. Depending on whose email address we know, we may even be given an administrator role on the website.
Vulnerabilities
In the Lana Codes Vulnerability Database (LANAVDB), we collect the vulnerabilities we discover in other systems and provide detailed analysis and descriptions.
By: 
Social Login and Register by miniOrange WordPess plugin Authentication Bypass
The plugin was affected by an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s email address. Depending on whose email address we know, we may even be given an administrator role on the website.
WCFM – WooCommerce Multivendor Membership by WC Lovers WordPress plugin Privilege Escalation
The plugin is affected by an Unauthenticated Insecure Direct Object Reference (IDOR) to Arbitrary User Email Change vulnerability, witch leads to User Password Reset, which leads to Privilege Escalation. The plugin has an insecurely used variable allowing to change the user email, and gain unauthorized access.
WP User Switch by IqbalRony WordPress plugin Authentication Bypass
The plugin was affected by an Auth Bypass vulnerability. To bypass authentication, we only need to know the admin’s username, which we can use to bypass authorization, then we can log in as any user from the user switch list.
User Registration by WPEverest WordPess plugin Arbitrary File Upload
The plugin was affected by an Arbitrary File Upload vulnerability. Due to a hardcoded encryption key and a missing file type validation, it is even possible to upload a php file to the website.