Lucene search
+L

37 matches found

patchstack
patchstack
added 2026/02/02 10:12 a.m.6 views

WordPress WooCommerce Social Login plugin <= 2.7.3 - Missing Authorization to Unauthenticated Privilege Escalation vulnerability

Missing Authorization to Unauthenticated Privilege Escalation vulnerability discovered by Vu Nguyen maxntv in WordPress Plugin WooCommerce Social Login versions = 2.7.3...

9.8CVSS5.3AI score0.00518EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-11383

Malicious code in bioql PyPI...

4.3CVSS6.1AI score0.00159EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-36714

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00313EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 9:52 a.m.8 views

CVE-2024-37502

Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login woo-social-login.This issue affects WooCommerce Social Login: from n/a through = 2.6.3...

7.5CVSS5.9AI score0.00313EPSS
Exploits0References1
nvd
nvd
added 2025/04/16 6:16 p.m.32 views

CVE-2025-39472

Cross-Site Request Forgery CSRF vulnerability in wpweb WooCommerce Social Login woo-social-login allows Cross Site Request Forgery.This issue affects WooCommerce Social Login: from n/a through 2.8.3...

8.8CVSS0.00159EPSS
Exploits0References1
osv
osv
added 2025/04/16 6:16 p.m.5 views

CVE-2025-39472

Cross-Site Request Forgery CSRF vulnerability in WPWeb WooCommerce Social Login allows Cross Site Request Forgery.This issue affects WooCommerce Social Login: from n/a before 2.8.3...

8.8CVSS5.8AI score0.00159EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/04/16 5:15 p.m.10 views

CVE-2025-39472 WordPress WooCommerce Social Login plugin < 2.8.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in wpweb WooCommerce Social Login woo-social-login allows Cross Site Request Forgery.This issue affects WooCommerce Social Login: from n/a through 2.8.3...

4.3CVSS7.2AI score0.00159EPSS
Exploits0References1
cve
cve
added 2025/04/16 5:15 p.m.69 views

CVE-2025-39472

CVE-2025-39472 corresponds to a CSRF vulnerability in the WPWooCommerce Social Login plugin (WooCommerce Social Login). Affected versions are 2.8.2 and earlier; the issue arises from Cross-Site Request Forgery that could allow unauthorized actions on behalf of a user. The fix is to upgrade to ver...

8.8CVSS7.2AI score0.00159EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2025/04/16 5:15 p.m.33 views

CVE-2025-39472 WordPress WooCommerce Social Login plugin < 2.8.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in wpweb WooCommerce Social Login woo-social-login allows Cross Site Request Forgery.This issue affects WooCommerce Social Login: from n/a through 2.8.3...

4.3CVSS0.00159EPSS
Exploits0References1
patchstack
patchstack
added 2025/04/16 5:13 p.m.7 views

WordPress WooCommerce Social Login plugin < 2.8.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WooCommerce Social Login versions 2.8.3...

8.8CVSS8.2AI score0.00159EPSS
Exploits0Affected Software1
cnnvd
cnnvd
added 2025/04/16 12:0 a.m.6 views

WordPress plugin WooCommerce Social Login 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site request forge...

4.3CVSS5.9AI score0.00159EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/04/16 12:0 a.m.10 views

PT-2025-16805 · Unknown · Woocommerce - Social Login

Name of the Vulnerable Software and Affected Versions: WooCommerce Social Login versions 2.8.2 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions to be performed on behalf of a user. This issue may be exploited to perform actions...

4.3CVSS5.6AI score0.00159EPSS
Exploits0References6
redhatcve
redhatcve
added 2025/02/05 12:1 p.m.11 views

CVE-2024-7503

The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.5. This is due to the use of loose comparison of the activation code in the 'wooslgconfirmemailuser' function. This makes it possible for unauthenticated attackers to l...

9.8CVSS7.2AI score0.0061EPSS
Exploits0References1
osv
osv
added 2024/11/05 9:15 a.m.7 views

CVE-2024-10114

The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as...

8.1CVSS5.8AI score0.00524EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/11/05 12:0 a.m.15 views

PT-2024-16036 · WordPress · Woocommerce - Social Login

Name of the Vulnerable Software and Affected Versions: WooCommerce - Social Login plugin for WordPress versions up to, and including, 2.7.7 Description: The issue is due to insufficient verification on the user being returned by the social login token, making it possible for unauthenticated...

8.1CVSS7.3AI score0.00524EPSS
Exploits0References13
patchstack
patchstack
added 2024/11/04 12:0 a.m.23 views

WordPress WooCommerce Social Login Plugin <= 2.7.7 is vulnerable to Broken Authentication

Software WooCommerce Social Login Type Plugin Vulnerable versions = 2.7.7 Fixed in 2.7.8 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10114 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 36095483e627 Credi...

8.1CVSS6.6AI score0.00524EPSS
Exploits0References2Affected Software1
patchstack
patchstack
added 2024/08/13 12:0 a.m.11 views

WordPress WooCommerce Social Login Plugin <= 2.7.5 is vulnerable to Broken Authentication

Software WooCommerce Social Login Type Plugin Vulnerable versions = 2.7.5 Fixed in 2.7.6 OWASP Top 10 A4: Insecure Design Classification Broken Authentication CVE CVE-2024-7503 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 23315c373121 Credits Truoc Phan Required...

9.8CVSS6.5AI score0.0061EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2024/08/10 2:1 a.m.28 views

CVE-2024-7503 WooCommerce - Social Login <= 2.7.5 - Authentication Bypass to Account Takeover

The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.5. This is due to the use of loose comparison of the activation code in the 'wooslgconfirmemailuser' function. This makes it possible for unauthenticated attackers to l...

9.8CVSS0.0061EPSS
Exploits0References2
nvd
nvd
added 2024/07/20 8:15 a.m.18 views

CVE-2024-6637

The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to, and including, 2.7.3. This is due to a lack of brute force controls on a weak one-time password. This makes it possible for unauthenticated attackers to brute force the...

7.3CVSS0.00362EPSS
Exploits0References2
osv
osv
added 2024/07/20 8:15 a.m.7 views

CVE-2024-6636

The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wooslgloginemail' function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to change the default role ...

9.8CVSS5.8AI score0.00518EPSS
Exploits0References2
Rows per page
Query Builder