35 matches found
WordPress WooCommerce Social Login plugin <= 2.7.3 - Missing Authorization to Unauthenticated Privilege Escalation vulnerability
Missing Authorization to Unauthenticated Privilege Escalation vulnerability discovered by Vu Nguyen maxntv in WordPress Plugin WooCommerce Social Login versions = 2.7.3...
EUVD-2024-36714
Malicious code in bioql PyPI...
EUVD-2025-11383
Malicious code in bioql PyPI...
CVE-2024-37502
Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login woo-social-login.This issue affects WooCommerce Social Login: from n/a through = 2.6.3...
CVE-2025-39472
Cross-Site Request Forgery CSRF vulnerability in wpweb WooCommerce Social Login woo-social-login allows Cross Site Request Forgery.This issue affects WooCommerce Social Login: from n/a through 2.8.3...
CVE-2025-39472
Cross-Site Request Forgery CSRF vulnerability in WPWeb WooCommerce Social Login allows Cross Site Request Forgery.This issue affects WooCommerce Social Login: from n/a before 2.8.3...
CVE-2025-39472 WordPress WooCommerce Social Login plugin < 2.8.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in wpweb WooCommerce Social Login woo-social-login allows Cross Site Request Forgery.This issue affects WooCommerce Social Login: from n/a through 2.8.3...
CVE-2025-39472
CVE-2025-39472 corresponds to a CSRF vulnerability in the WPWooCommerce Social Login plugin (WooCommerce Social Login). Affected versions are 2.8.2 and earlier; the issue arises from Cross-Site Request Forgery that could allow unauthorized actions on behalf of a user. The fix is to upgrade to ver...
CVE-2025-39472 WordPress WooCommerce Social Login plugin < 2.8.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in wpweb WooCommerce Social Login woo-social-login allows Cross Site Request Forgery.This issue affects WooCommerce Social Login: from n/a through 2.8.3...
WordPress WooCommerce Social Login plugin < 2.8.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WooCommerce Social Login versions 2.8.3...
WordPress plugin WooCommerce Social Login 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site request forge...
PT-2025-16805 · Unknown · Woocommerce - Social Login
Name of the Vulnerable Software and Affected Versions: WooCommerce Social Login versions 2.8.2 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions to be performed on behalf of a user. This issue may be exploited to perform actions...
CVE-2024-7503
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.5. This is due to the use of loose comparison of the activation code in the 'wooslgconfirmemailuser' function. This makes it possible for unauthenticated attackers to l...
CVE-2024-10114
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as...
PT-2024-16036 · WordPress · Woocommerce - Social Login
Name of the Vulnerable Software and Affected Versions: WooCommerce - Social Login plugin for WordPress versions up to, and including, 2.7.7 Description: The issue is due to insufficient verification on the user being returned by the social login token, making it possible for unauthenticated...
WordPress WooCommerce Social Login Plugin <= 2.7.7 is vulnerable to Broken Authentication
Software WooCommerce Social Login Type Plugin Vulnerable versions = 2.7.7 Fixed in 2.7.8 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10114 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 36095483e627 Credi...
WordPress WooCommerce Social Login Plugin <= 2.7.5 is vulnerable to Broken Authentication
Software WooCommerce Social Login Type Plugin Vulnerable versions = 2.7.5 Fixed in 2.7.6 OWASP Top 10 A4: Insecure Design Classification Broken Authentication CVE CVE-2024-7503 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 23315c373121 Credits Truoc Phan Required...
CVE-2024-7503 WooCommerce - Social Login <= 2.7.5 - Authentication Bypass to Account Takeover
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.5. This is due to the use of loose comparison of the activation code in the 'wooslgconfirmemailuser' function. This makes it possible for unauthenticated attackers to l...
CVE-2024-6637
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to, and including, 2.7.3. This is due to a lack of brute force controls on a weak one-time password. This makes it possible for unauthenticated attackers to brute force the...
CVE-2024-6636
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wooslgloginemail' function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to change the default role ...