EUVD-2025-201405

| CVE-2025-13620 MEDIUM
2025-12-05 [email protected]
Authentication Bypass WordPress
5.3
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 15, 2026 - 17:08 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 17:08 euvd
EUVD-2025-201405
CVE Published
Dec 05, 2025 - 11:15 nvd
MEDIUM 5.3

DescriptionNVD

The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to missing authorization in versions up to, and including, 3.1.3. This is due to the REST routes wslu/v1/check_cache/{type}, wslu/v1/save_cache/{type}, and wslu/v1/settings/clear_counter_cache being registered with permission_callback set to __return_true and lacking capability or nonce validation in their handlers. This makes it possible for unauthenticated attackers to clear or overwrite the social counter cache via crafted REST requests.

AnalysisAI

A security vulnerability in Wp Social Login and Register Social Counter (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Technical ContextAI

CWE-862 (Missing Authorization). Affects Wp Social Login and Register Social Counter.

RemediationAI

Monitor vendor channels for patch availability.

Share

EUVD-2025-201405 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy