CVE Catalog

CVE-2026-57751

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Summary

The Heateor Social Login plugin version 1.1.39 and earlier contains an unauthenticated Cross-Site Request Forgery (CSRF) vulnerability. An attacker can exploit this flaw to perform unauthorized actions on behalf of an authenticated administrator.

Risk Assessment

The risk involves potential account takeover or unauthorized configuration changes to the plugin, which could compromise the entire WordPress site's security.

Recommendation

Immediately update the Heateor Social Login plugin to the latest available version that patches this vulnerability. If an update is not possible, consider temporarily disabling the plugin.

Original NVD description (English source)

Unauthenticated Cross Site Request Forgery (CSRF) in Heateor Social Login <= 1.1.39 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS