Wpwebelite Woocommerce Social Login vulnerabilities
9 known vulnerabilities affecting wpwebelite/woocommerce_social_login.
Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown
CRITICAL 3, HIGH 5, MEDIUM 1
Vulnerabilities
CVE-2024-37502 [HIGH] CWE-502 | P2 | CVSS 7.5 | Exploited | fixed in 2.7.0 | 2024-07-09
Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login woo-social-login. This issue affects WooCommerce Social Login: from n/a through <= 2.6.3.
nvd
CVE-2024-7503 [CRITICAL] CWE-288 | P2 | CVSS 9.8 | fixed in 2.7.4 | 2024-08-12
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.5. This is due to the use of loose comparison of the activation code in the 'woo_slg_confirm_email_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an
nvd
CVE-2024-6636 [CRITICAL] CWE-862 | P2 | CVSS 9.8 | fixed in 2.7.4 | 2024-07-20
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to change the default role to Administrator while registering for an account.
nvd
CVE-2024-10114 [HIGH] CWE-287 | P3 | CVSS 8.1 | fixed in 2.7.8 | 2024-11-05
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator,
nvd
CVE-2024-5871 [CRITICAL] CWE-502 | P3 | CVSS 9.8 | fixed in 2.6.3 | 2024-06-15
The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable softw
nvd
CVE-2024-6635 [HIGH] CWE-288 | P3 | CVSS 7.3 | fixed in 2.7.4 | 2024-07-20
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.3. This is due to insufficient controls in the 'woo_slg_login_email' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, excluding an administrator, if they know the email
nvd
CVE-2024-6637 [HIGH] CWE-305 | P3 | CVSS 7.3 | fixed in 2.7.4 | 2024-07-20
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to, and including, 2.7.3. This is due to a lack of brute force controls on a weak one-time password. This makes it possible for unauthenticated attackers to brute force the one-time password for any user, except an Administrator,
nvd
CVE-2025-39472 [HIGH] CWE-352 | P3 | CVSS 8.8 | fixed in 2.8.3 | 2025-04-16
Cross-Site Request Forgery (CSRF) vulnerability in wpweb WooCommerce Social Login woo-social-login allows Cross Site Request Forgery. This issue affects WooCommerce Social Login: from n/a through < 2.8.3.
nvd
CVE-2024-5868 [MEDIUM] CWE-330 | P4 | CVSS 5.3 | fixed in 2.6.3 | 2024-06-15
The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.
nvd