cleantalk
Vulnerabilities and Security Researches

WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn), CVE-2025-47670

CVE, Research URL

CVE-2025-47670

Home page URL

Security reports for WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)

Application

WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)

Published on
May 23, 2025
Research Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register allows PHP Local File Inclusion. This issue affects WordPress Social Login and Register: from n/a through 7.6.10.
Affected versions
max 7.6.10.
Status
vulnerable
Previous vulnerability researches
CM Header & Footer Script Loader – Insert Script Plugin (CVE-2025-24758) , Feb 19, 2025
CM Header & Footer Script Loader – Insert Script Plugin (CVE-2024-11202) , Nov 26, 2024
CM Header & Footer Script Loader – Insert Script Plugin (CVE-2025-31091) , Apr 05, 2025
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026