Social Login by BestWebSoft < 0.2 - Cross-Site Scripting

The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues. id: CVE-2017-18501 info: name: Social Login by BestWebSoft 0.2 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues...

Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login

The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username...

Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass

The WordPress Social Login and Register Discord, Google, Twitter, LinkedIn plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes...

CVE-2026-12863

An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains...

CVE-2026-12863 Open redirect

An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains...

CVE-2026-12863 Open redirect

An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains...

EUVD-2026-38221

An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains...

CVE-2026-12863

Venueless ’ social login contains an unvalidated redirect that could be exploited for phishing via trusted domains. Public records (NVD, CVE records) describe an unvalidated redirect in the social login flow, enabling attackers to lure users to attacker-controlled sites by leveraging trusted doma...

CVE-2019-25763

WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the...

EUVD-2019-20199

WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the...

CVE-2019-25763

WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability. An attacker can submit a POST to admin-ajax.php with the uabb-lf-google-submit action, a valid administrator email, and a valid nonce to obtain session cookies and authenticate as that user. CVSS...

PT-2026-51139

Name of the Vulnerable Software and Affected Versions WordPress Ultimate Addons for Beaver Builder version 1.2.4.1 Description An authentication bypass exists in the social media login form functionality. Attackers can gain unauthorized access by submitting a POST request to the 'admin-ajax.php'...

Devolutions Remote Desktop Manager <= 2026.2.8 Improper Host Validation (DEVO-2026-0018)(CVE-2026-12162)

The version of Devolutions Remote Desktop Manager installed on the remote host is 2025.2.8 or earlier. It is, therefore, affected by an improper host validation vulnerability: - Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an...

Devolutions Server <= 2026.1.21 / 2026.2.0 <= 2026.2.5 Multiple Vulnerabilities (DEVO-2026-0017)

The version of Devolutions Server installed on the remote host is prior or equal to 2026.1.21 or 2026.2.0 prior or equal to 2026.2.5. It is, therefore, affected by multiple vulnerabilities, including: - Improper access control in PAM account discovery results in Devolutions Server 2026.2.5,...

EUVD-2026-37202

Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request...

CVE-2026-12117

Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request...

CVE-2026-12117

Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request...

CVE-2026-12117

CVE-2026-12117 affects Devolutions Server 2026.2.5: improper access control in the social login connection endpoint allows an authenticated vault member to enumerate social login entry metadata they are not authorized to access via a crafted API request. CVSSv3.1 base score is 4.3 (Medium). The p...

EUVD-2026-37024

Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain...

CVE-2026-12162

Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain...