4 matches found
CVE-2025-9857
The Heateor Login – Social Login Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HeateorFacebookLogin' shortcode in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This make...
WordPress Heateor Login plugin cross-site scripting vulnerability
WordPress Heateor Login plugin is a social login plugin for WordPress, which supports users to realize one-click login and registration function through 23 social networks such as Facebook, Twitter, LinkedIn, Google and so on. A cross-site scripting vulnerability exists in the WordPress Heateor...
CVE-2025-9857 Heateor Login – Social Login Plugin <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Heateor Login – Social Login Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HeateorFacebookLogin' shortcode in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This make...
PT-2025-37023
Name of the Vulnerable Software and Affected Versions: Heateor Login – Social Login Plugin versions prior to 1.1.9 Description: The Heateor Login – Social Login Plugin for WordPress is susceptible to Stored Cross-Site Scripting via the Heateor Facebook Login shortcode due to insufficient input...