Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/09/12 7:11 a.m.4 views

CVE-2025-9857

The Heateor Login – Social Login Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HeateorFacebookLogin' shortcode in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

6.4CVSS5AI score0.00216EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/12 12:0 a.m.2 views

WordPress Heateor Login plugin cross-site scripting vulnerability

WordPress Heateor Login plugin is a social login plugin for WordPress, which supports users to realize one-click login and registration function through 23 social networks such as Facebook, Twitter, LinkedIn, Google and so on. A cross-site scripting vulnerability exists in the WordPress Heateor...

6.4CVSS5.9AI score0.00216EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/10 6:38 a.m.4 views

CVE-2025-9857 Heateor Login – Social Login Plugin <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Heateor Login – Social Login Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HeateorFacebookLogin' shortcode in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

6.4CVSS4.6AI score0.00216EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.6 views

PT-2025-37023

Name of the Vulnerable Software and Affected Versions: Heateor Login – Social Login Plugin versions prior to 1.1.9 Description: The Heateor Login – Social Login Plugin for WordPress is susceptible to Stored Cross-Site Scripting via the Heateor Facebook Login shortcode due to insufficient input...

6.4CVSS5.1AI score0.00216EPSS
Exploits0References6
Rows per page
Query Builder