CVE Catalog
CVE-2026-57751
HighCVSS 8.1Summary
The Heateor Social Login plugin version 1.1.39 and earlier contains an unauthenticated Cross-Site Request Forgery (CSRF) vulnerability. An attacker can exploit this flaw to perform unauthorized actions on behalf of an authenticated administrator.
Risk Assessment
The risk involves potential account takeover or unauthorized configuration changes to the plugin, which could compromise the entire WordPress site's security.
Recommendation
Immediately update the Heateor Social Login plugin to the latest available version that patches this vulnerability. If an update is not possible, consider temporarily disabling the plugin.
Original NVD description (English source)
Unauthenticated Cross Site Request Forgery (CSRF) in Heateor Social Login <= 1.1.39 versions.

