Threat Entry Updated 2024-11-21

CVE-2023-4773 - Wordpress Social Login Plugin

The WordPress Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wordpress_social_login_meta' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Wordpress Social Login

CVE-2023-4773

MEDIUM CVSS 6.4 2023-09-06

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2023-34172 - Wordpress Social Login Plugin

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Miled WordPress Social Login plugin

PLUGIN Wordpress Social Login

CVE-2023-34172

MEDIUM CVSS 5.9 2023-08-30

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2023-34023 - Wordpress Social Login Plugin

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Miled WordPress Social Login plugin

PLUGIN Wordpress Social Login

CVE-2023-34023

HIGH CVSS 7.1 2023-08-30

Risk Score

Open Full Technical Breakdown