Vulnerabilities > Heateor
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-06 | CVE-2024-10020 | Unspecified vulnerability in Heateor Social Login The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. | 8.1 |
| 2024-11-06 | CVE-2024-9946 | Unspecified vulnerability in Heateor Super Socializer The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.13.68. | 8.1 |
| 2024-10-16 | CVE-2022-4971 | Cross-site Scripting vulnerability in Heateor Sassy Social Share The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_sharing_count' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-06-08 | CVE-2024-35706 | Unspecified vulnerability in Heateor Social Login Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Cross-Site Scripting (XSS).This issue affects Heateor Social Login: from n/a through 1.1.32. | 6.1 |
| 2024-06-08 | CVE-2024-35707 | Unspecified vulnerability in Heateor Social Login Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Stored XSS.This issue affects Heateor Social Login: from n/a through 1.1.32. | 5.4 |
| 2024-03-06 | CVE-2024-1989 | Cross-site Scripting vulnerability in Heateor Sassy Social Share The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Sassy_Social_Share' shortcode in all versions up to, and including, 3.3.58 due to insufficient input sanitization and output escaping on user supplied attributes such as 'url'. | 5.4 |
| 2024-02-10 | CVE-2024-24712 | Unspecified vulnerability in Heateor Social Login Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login WordPress allows Stored XSS.This issue affects Heateor Social Login WordPress: from n/a through 1.1.30. | 5.4 |
| 2023-06-20 | CVE-2023-35882 | Cross-site Scripting vulnerability in Heateor Super Socializer Auth. | 5.4 |
| 2023-04-04 | CVE-2023-23977 | Unspecified vulnerability in Heateor Social Comments Auth. | 5.4 |
| 2023-03-30 | CVE-2023-23670 | Unspecified vulnerability in Heateor Fancy Comments Auth. | 5.4 |