Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-08-01
CVE-2024-10114 - Woocommerce Social Login Plugin
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
PLUGIN
Woocommerce Social Login
CVE-2024-10114
Risk Score
Threat Entry
Updated 2025-02-07
CVE-2024-7503 - Woocommerce Social Login Plugin
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.5. This is due to the use of loose comparison of the activation code in the 'woo_slg_confirm_email_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the userID. This requires the email module to be enabled.
PLUGIN
Woocommerce Social Login
CVE-2024-7503
Risk Score
Threat Entry
Updated 2025-02-11
CVE-2024-6636 - Woocommerce Social Login Plugin
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to change the default role to Administrator while registering for an account.
PLUGIN
Woocommerce Social Login
CVE-2024-6636
Risk Score
Threat Entry
Updated 2025-02-11
CVE-2024-6637 - Woocommerce Social Login Plugin
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to, and including, 2.7.3. This is due to a lack of brute force controls on a weak one-time password. This makes it possible for unauthenticated attackers to brute force the one-time password for any user, except an Administrator, if they know the email of user.
PLUGIN
Woocommerce Social Login
CVE-2024-6637
Risk Score
Threat Entry
Updated 2025-02-11
CVE-2024-6635 - Woocommerce Social Login Plugin
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.3. This is due to insufficient controls in the 'woo_slg_login_email' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, excluding an administrator, if they know the email of user.
PLUGIN
Woocommerce Social Login
CVE-2024-6635
Risk Score
Threat Entry
Updated 2025-02-07
CVE-2024-5871 - Woocommerce Social Login Plugin
The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
PLUGIN
Woocommerce Social Login
CVE-2024-5871
Risk Score
Threat Entry
Updated 2025-02-07
CVE-2024-5868 - Woocommerce Social Login Plugin
The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.
PLUGIN
Woocommerce Social Login
CVE-2024-5868
Risk Score