Wpwebelite

Woocommerce Social Login

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-39472

  • EPSS 0.09%
  • Veröffentlicht 16.04.2025 17:15:50
  • Zuletzt bearbeitet 26.01.2026 15:28:41

Cross-Site Request Forgery (CSRF) vulnerability in WPWeb WooCommerce Social Login allows Cross Site Request Forgery.This issue affects WooCommerce Social Login: from n/a before 2.8.3.

8.1

CVE-2024-10114

  • EPSS 0.22%
  • Veröffentlicht 05.11.2024 09:15:03
  • Zuletzt bearbeitet 01.08.2025 02:07:55

The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possi...

9.8

CVE-2024-7503

  • EPSS 1.32%
  • Veröffentlicht 12.08.2024 13:38:43
  • Zuletzt bearbeitet 07.02.2025 16:06:13

The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.5. This is due to the use of loose comparison of the activation code in the 'woo_slg_confirm_email_user' function. This m...

7.3

CVE-2024-6635

  • EPSS 0.33%
  • Veröffentlicht 20.07.2024 08:15:16
  • Zuletzt bearbeitet 11.02.2025 15:39:13

The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.3. This is due to insufficient controls in the 'woo_slg_login_email' function. This makes it possible for unauthenticated...

9.8

CVE-2024-6636

  • EPSS 2.73%
  • Veröffentlicht 20.07.2024 08:15:16
  • Zuletzt bearbeitet 11.02.2025 15:41:28

The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function in all versions up to, and including, 2.7.3. This makes it possible for una...

7.3

CVE-2024-6637

  • EPSS 0.55%
  • Veröffentlicht 20.07.2024 08:15:16
  • Zuletzt bearbeitet 11.02.2025 15:43:25

The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to, and including, 2.7.3. This is due to a lack of brute force controls on a weak one-time password. This makes it possible f...

7.5

CVE-2024-37502

  • EPSS 0.35%
  • Veröffentlicht 09.07.2024 09:15:04
  • Zuletzt bearbeitet 28.01.2026 18:44:58

Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login.This issue affects WooCommerce Social Login: from n/a through 2.6.3.

5.3

CVE-2024-5868

  • EPSS 0.13%
  • Veröffentlicht 15.06.2024 04:15:13
  • Zuletzt bearbeitet 07.02.2025 19:49:25

The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass t...

9.8

CVE-2024-5871

  • EPSS 5.2%
  • Veröffentlicht 15.06.2024 04:15:13
  • Zuletzt bearbeitet 07.02.2025 19:41:49

The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify' vulnerable parameter. This makes it possible for un...