Lucene search

619 matches found

Nuclei
added 18 hours ago, 33 views

Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login

The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing an unauthenticated attacker to log in as any user on the site by only knowing their user ID or username...

8.1 CVSS, 7.1 AI score, 0.08377 EPSS
Exploits: 3, References: 3

Nuclei
added 18 hours ago, 52 views

Social Login by BestWebSoft < 0.2 - Cross-Site Scripting

The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues. id: CVE-2017-18501 info: name: Social Login by BestWebSoft 0.2 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues...

6.1 CVSS, 6.4 AI score, 0.0141 EPSS
Exploits: 1, References: 4

NVD
added yesterday, 5 views

CVE-2026-57751

Unauthenticated Cross Site Request Forgery (CSRF) in Heateor Social Login <= 1.1.39 versions...

8.1 CVSS
Exploits: 0, References: 1

Cvelist
added yesterday, 32 views

CVE-2026-57751 WordPress Heateor Social Login plugin <= 1.1.39 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery (CSRF) in Heateor Social Login <= 1.1.39 versions...

8.1 CVSS
Exploits: 0, References: 1

CVE
added yesterday, 6 views

CVE-2026-57751

The CVE-2026-57751 entry concerns the WordPress plugin Heateor Social Login (versions

8.1 CVSS, 5.8 AI score
Exploits: 0, References: 1

Nuclei
added yesterday, 84 views

Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass

The WordPress Social Login and Register Discord, Google, Twitter, LinkedIn plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes...

9.8 CVSS, 7.6 AI score, 0.46947 EPSS
Exploits: 4, References: 5

Patchstack
added 2 days ago, 5 views

WordPress Heateor Social Login plugin <= 1.1.39 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by ParkHyunWoo in WordPress Plugin Heateor Social Login versions <= 1.1.39...

8.1 CVSS, 5.8 AI score
Exploits: 0, Affected Software: 1

NVD
added 2026/06/22 10:16 a.m., 12 views

CVE-2026-12863

An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains...

5.1 CVSS, 0.00226 EPSS
Exploits: 0, References: 1

CVE
added 2026/06/22 8:41 a.m., 18 views

CVE-2026-12863

Venueless' social login contains an unvalidated redirect that could be exploited for phishing via trusted domains. Public records (NVD, CVE records) describe an unvalidated redirect in the social login flow, enabling attackers to lure users to attacker-controlled sites by leveraging trusted doma...

5.1 CVSS, 5.8 AI score, 0.00226 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/06/22 8:41 a.m., 6 views

CVE-2026-12863

An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains...

5.1 CVSS, 5.8 AI score, 0.00226 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2026/06/22 8:41 a.m., 6 views

CVE-2026-12863 Open redirect

An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains...

5.1 CVSS, 5.8 AI score, 0.00226 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/06/22 8:41 a.m., 33 views

CVE-2026-12863 Open redirect

An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains...

5.1 CVSS, 0.00226 EPSS
Exploits: 0, References: 1

EUVD
added 2026/06/22 8:41 a.m., 8 views

EUVD-2026-38221

An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains...

5.1 CVSS, 5.8 AI score, 0.00226 EPSS
Exploits: 0, References: 1

NVD
added 2026/06/20 2:16 p.m., 11 views

CVE-2019-25763

WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the...

9.8 CVSS, 0.00428 EPSS
Exploits: 0, References: 3

EUVD
added 2026/06/20 1:36 p.m., 8 views

EUVD-2019-20199

WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the...

9.8 CVSS, 5.9 AI score, 0.00428 EPSS
Exploits: 0, References: 3

ATTACKERKB
added 2026/06/20 1:36 p.m., 6 views

CVE-2019-25763

WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the...

9.8 CVSS, 5.9 AI score, 0.00428 EPSS
Exploits: 0, References: 3

CVE
added 2026/06/20 1:36 p.m., 19 views

CVE-2019-25763

WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability. An attacker can submit a POST to admin-ajax.php with the uabb-lf-google-submit action, a valid administrator email, and a valid nonce to obtain session cookies and authenticate as that user. CVSS...

9.8 CVSS, 5.9 AI score, 0.00428 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2026/06/20 12:0 a.m., 13 views

PT-2026-51139

Name of the Vulnerable Software and Affected Versions WordPress Ultimate Addons for Beaver Builder version 1.2.4.1 Description An authentication bypass exists in the social media login form functionality. Attackers can gain unauthorized access by submitting a POST request to the 'admin-ajax.php'...

9.8 CVSS, 5.9 AI score, 0.00428 EPSS
Exploits: 0, References: 8

Tenable Nessus
added 2026/06/18 12:0 a.m., 4 views

Devolutions Server <= 2026.1.21 / 2026.2.0 <= 2026.2.5 Multiple Vulnerabilities (DEVO-2026-0017)

The version of Devolutions Server installed on the remote host is prior or equal to 2026.1.21 or 2026.2.0 prior or equal to 2026.2.5. It is, therefore, affected by multiple vulnerabilities, including: - Improper access control in PAM account discovery results in Devolutions Server 2026.2.5,...

6.5 CVSS, 5.9 AI score, 0.00201 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2026/06/18 12:0 a.m., 4 views

Devolutions Remote Desktop Manager <= 2026.2.8 Improper Host Validation (DEVO-2026-0018)(CVE-2026-12162)

The version of Devolutions Remote Desktop Manager installed on the remote host is 2025.2.8 or earlier. It is, therefore, affected by an improper host validation vulnerability: - Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an...

5.5 CVSS, 5.9 AI score, 0.00112 EPSS
Exploits: 0, References: 2