Heateor Social Login
Monthly
Cross-Site Request Forgery in the Heateor Social Login WordPress plugin (versions up to and including 1.1.39) lets an unauthenticated remote attacker forge state-changing requests that are executed with a logged-in victim's privileges once the victim is lured into interacting with a malicious page. The CVSS 3.1 score is 8.1 with High confidentiality and integrity impact, reflecting potential account or configuration manipulation, though exploitation is gated on user interaction (UI:R). There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Cross-Site Request Forgery in the Heateor Social Login WordPress plugin (versions up to and including 1.1.39) lets an unauthenticated remote attacker forge state-changing requests that are executed with a logged-in victim's privileges once the victim is lured into interacting with a malicious page. The CVSS 3.1 score is 8.1 with High confidentiality and integrity impact, reflecting potential account or configuration manipulation, though exploitation is gated on user interaction (UI:R). There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.