Skip to main content

Heateor Social Login

1 CVEs product

Monthly

CVE-2026-57751 HIGH This Week

Cross-Site Request Forgery in the Heateor Social Login WordPress plugin (versions up to and including 1.1.39) lets an unauthenticated remote attacker forge state-changing requests that are executed with a logged-in victim's privileges once the victim is lured into interacting with a malicious page. The CVSS 3.1 score is 8.1 with High confidentiality and integrity impact, reflecting potential account or configuration manipulation, though exploitation is gated on user interaction (UI:R). There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

CSRF Heateor Social Login
NVD
CVSS 3.1
8.1
EPSS
0.1%
EPSS 0% CVSS 8.1
HIGH This Week

Cross-Site Request Forgery in the Heateor Social Login WordPress plugin (versions up to and including 1.1.39) lets an unauthenticated remote attacker forge state-changing requests that are executed with a logged-in victim's privileges once the victim is lured into interacting with a malicious page. The CVSS 3.1 score is 8.1 with High confidentiality and integrity impact, reflecting potential account or configuration manipulation, though exploitation is gated on user interaction (UI:R). There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

CSRF Heateor Social Login
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy