cleantalk
Vulnerabilities and Security Researches

Wp Social Login and Register Social Counter, CVE-2025-13620

CVE, Research URL

CVE-2025-13620

Home page URL

Security reports for Wp Social Login and Register Social Counter

Application

Wp Social Login and Register Social Counter

Published on
Dec 05, 2025
Research Description
The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to missing authorization in versions up to, and including, 3.1.3. This is due to the REST routes wslu/v1/check_cache/{type}, wslu/v1/save_cache/{type}, and wslu/v1/settings/clear_counter_cache being registered with permission_callback set to __return_true and lacking capability or nonce validation in their handlers. This makes it possible for unauthenticated attackers to clear or overwrite the social counter cache via crafted REST requests.
Affected versions
max 3.1.4.
Status
vulnerable
Previous vulnerability researches
TI WooCommerce Wishlist (CVE-2025-32920) , May 20, 2025
TI WooCommerce Wishlist (CVE-2025-47577) , May 20, 2025
TI WooCommerce Wishlist (CVE-2025-67929) , Jan 08, 2026
TI WooCommerce Wishlist (CVE-2024-10567) , Dec 05, 2024
TI WooCommerce Wishlist (CVE-2024-43917) , Aug 25, 2024
New vulnerability
Pure WC Variation Swatches (CVE-2025-12820) , Jan 11, 2026
WP Scraper (CVE-2025-62088) , Jan 11, 2026
Chat Widget: Customer Support Button with SMS Call Button, Click to Chat Messenger Live Chat Support Chat Button – Bit As (CVE-2025-68596) , Jan 11, 2026
Free Follow-Up Emails & Marketing Automation for WooCommerce – ShopMagic (CVE-2025-69093) , Jan 11, 2026
SALESmanago (CVE-2025-68571) , Jan 11, 2026