Wp Social Login and Register Social Counter
Moderate fix1 remedy
cpe:2.3:a:wpmet:wp_social_login_and_register_social_counter:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 3.1.3
Wp Social Login and Register Social Counter Missing Authorization Vulnerability in Cache REST Endpoints
Vulnerability
Patched
A vulnerability exists in the Wp Social Login and Register Social Counter plugin for WordPress, affecting versions through 3.1.3. The issue arises from certain REST routes being registered without proper authorization checks, allowing unauthenticated users to manipulate the social counter cache. Specifically, the routes wslu/v1/check_cache/{type}, wslu/v1/save_cache/{type}, and wslu/v1/settings/clear_counter_cache were set to always allow access, without requiring any capabilities or nonce validation. This oversight enables unauthorized attackers to clear or overwrite the social counter cache by sending crafted REST requests.
Impact
Exploitation of this vulnerability allows for unauthorized modification of the social counter cache, potentially disrupting the functionality that relies on this data.
Remediation
Users are advised to update the Wp Social Login and Register Social Counter plugin to version 3.1.4 or later.
Added: Dec 5, 2025, 11:20 AM
Updated: Dec 5, 2025, 11:20 AM
Vulnerability Rating
Custom Algorithm
spread
3.4impact
0.6exploitability
8.2remediation
7.7relevance
1.2threat
3.2urgency
2.9incentive
5.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.