Heateor Login – Social Login Plugin Security & Risk Analysis

wordpress.org/plugins/heateor-login

Allow your website visitors to login to your website via their Facebook accounts

10 active installs · v1.1.10 · PHP + WP 2.5.0+ · Updated Sep 6, 2025
Tags: facebook-login, profile-data, social-analytics, social-login, social-plugin
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Sep 9, 2025
Safety Verdict

Is Heateor Login – Social Login Plugin Safe to Use in 2026?

Generally Safe

Score 99/100

Heateor Login – Social Login Plugin has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Sep 9, 2025 · Updated 8mo ago
Risk Assessment

The 'heateor-login' plugin exhibits a mixed security posture. While it generally uses prepared statements for SQL queries and has a moderate number of file operations and external requests, there are significant concerns regarding input sanitization and authentication. The static analysis reveals one unprotected AJAX handler, which presents a direct attack vector. Furthermore, 33% of output is not properly escaped, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is mishandled. The taint analysis shows one high-severity flow, likely related to the unprotected entry point or unsanitized output, which is a critical concern. The vulnerability history, while showing no currently unpatched CVEs, does list a past medium-severity XSS vulnerability, reinforcing the risk associated with input handling. The lack of nonce checks on the identified unprotected AJAX handler is also a notable weakness. Overall, the plugin has several areas needing immediate attention to improve its security.

Key Concerns

  • Unprotected AJAX handler
  • Low percentage of properly escaped output
  • High severity taint flow detected
  • No nonce checks on entry points
  • Past medium severity XSS vulnerability
Vulnerabilities
1 published

Heateor Login – Social Login Plugin Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-9857 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Heateor Login – Social Login Plugin <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 9, 2025 · Patched in 1.1.10 (1d)
Version History

Heateor Login – Social Login Plugin Release Timeline

  • v1.1.10: Current
  • v1.1.9: 1 CVE
  • v1.1.8: 1 CVE
  • v1.1.7: 1 CVE
  • v1.1.6: 1 CVE
  • v1.1.5: 1 CVE
  • v1.1.4: 1 CVE
  • v1.1.3: 1 CVE
  • v1.1.2: 1 CVE
  • v1.1.1: 1 CVE
  • v1.1: 1 CVE
  • v1.0.3: 1 CVE
  • v1.0.2: 1 CVE
  • v1.0.1: 1 CVE
  • v1.0: 1 CVE
Code Analysis
Analyzed Mar 16, 2026

Heateor Login – Social Login Plugin Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 1 (7 prepared)
  • Unescaped Output: 93 (46 escaped)
  • Nonce Checks: 0
  • Capability Checks: 3
  • File Operations: 3
  • External Requests: 3
  • Bundled Libraries: 0

SQL Query Safety

88% prepared · 8 total queries

Output Escaping

33% escaped · 139 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

3 flows · 3 with unsanitized paths
heateor_fbl_connect (heateor-login.php:270)
Attack Surface
1 unprotected

Heateor Login – Social Login Plugin Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers 1

auth wp_ajax_heateor_fbl_delete_social_profile heateor-login.php:949

Shortcodes 1

[Heateor_Facebook_Login] shortcode.php:33
WordPress Hooks 26
action login_form heateor-login.php:94
action register_form heateor-login.php:97
action comment_form_must_log_in_after heateor-login.php:100
action comment_form_top heateor-login.php:101
action woocommerce_before_customer_login_form heateor-login.php:104
action woocommerce_login_form heateor-login.php:107
action woocommerce_register_form heateor-login.php:110
action woocommerce_checkout_before_customer_details heateor-login.php:113
action edit_user_profile heateor-login.php:172
action show_user_profile heateor-login.php:173
action personal_options_update heateor-login.php:174
action edit_user_profile_update heateor-login.php:175
filter get_avatar heateor-login.php:246
action parse_request heateor-login.php:463
action wp_enqueue_scripts heateor-login.php:562
action login_enqueue_scripts heateor-login.php:563
action init heateor-login.php:565
action admin_menu heateor-login.php:576
action admin_init heateor-login.php:597
filter plugin_action_links_heateor-login/heateor-login.php heateor-login.php:826
action admin_notices heateor-login.php:855
action plugins_loaded heateor-login.php:872
filter manage_users_columns heateor-login.php:888
action manage_users_custom_column heateor-login.php:902
action admin_head heateor-login.php:935
action widgets_init widget.php:92
Maintenance & Trust

Heateor Login – Social Login Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Sep 6, 2025
PHP min version
Downloads: 6K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 10
Developer Profile

Heateor Login – Social Login Plugin Developer Profile

Heateor Support

6 plugins · 107K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 174 days
Detection Fingerprints

How We Detect Heateor Login – Social Login Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/heateor-login/css/style.css
/wp-content/plugins/heateor-login/js/script.js
Script Paths
/wp-content/plugins/heateor-login/js/script.js
Version Parameters
heateor-login/css/style.css?ver=
heateor-login/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
heateor_fbl_social_login_title
heateor_fbl_login_container
heateor_fbl_login_ul
heateorFblLogin
heateorFblFacebookBackground
heateorFblFacebookLogin
heateorFblFacebookLogoContainer
heateorFblLoginSvg
(+4 more)
Data Attributes
heateor_fbl_gdpr_consent
JS Globals
heateorFblLoginContainer
FAQ

Frequently Asked Questions about Heateor Login – Social Login Plugin