Vulnerabilities and security researches forbp-social-connect bp-social-connect

Apr 11, 2025

CVE, Research URL: CVE-2025-32493
Home page URL: Security reports for BP Social Connect
Application: BP Social Connect
Date: Apr 09, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes BP Social Connect allows Stored XSS. This issue affects BP Social Connect: from n/a through 1.6.2.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2023-2704
Home page URL: Security reports for BP Social Connect
Application: BP Social Connect
Date: May 19, 2023
Research Description: The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
Affected versions: Min -, max -.
Status: vulnerable