Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

21 matches found

Patchstack
Patchstackadded 2025/11/29 12:12 a.m.5 views

WordPress Nextend Social Login and Register plugin <= 3.1.21 - Cross-Site Request Forgery to Unlink User Social Login vulnerability

Cross-Site Request Forgery to Unlink User Social Login vulnerability discovered by type5afe in WordPress Plugin Nextend Facebook Connect versions = 3.1.21...

4.3CVSS6.7AI score0.00124EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 2025/10/07 12:30 a.m.5 views

EUVD-2014-8630

Malware in sbrugna...

4.3CVSS6.3AI score0.0377EPSS
Exploits3References5
EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2015-4433

Malware in sbrugna...

4.3CVSS6.2AI score0.02719EPSS
Exploits1References6
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2025-30598

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00191EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2025/09/24 6:31 p.m.2 views

CVE-2025-58031

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nextendweb Nextend Facebook Connect nextend-facebook-connect allows Stored XSS.This issue affects Nextend Facebook Connect : from n/a through = 3.1.19...

6.5CVSS5.9AI score0.00191EPSS
Exploits0References1
NVD
NVDadded 2025/09/22 7:16 p.m.3 views

CVE-2025-58031

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nextendweb Nextend Facebook Connect nextend-facebook-connect allows Stored XSS.This issue affects Nextend Facebook Connect : from n/a through = 3.1.19...

6.5CVSS0.00191EPSS
Exploits0References1
Patchstack
Patchstackadded 2025/09/22 6:54 p.m.4 views

WordPress Nextend Facebook Connect Plugin <= 3.1.19 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by theviper17 in WordPress Plugin Nextend Facebook Connect versions = 3.1.19...

6.5CVSS6AI score0.00191EPSS
Exploits0Affected Software1
Cvelist
Cvelistadded 2025/09/22 6:23 p.m.8 views

CVE-2025-58031 WordPress Nextend Facebook Connect Plugin <= 3.1.19 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nextendweb Nextend Facebook Connect nextend-facebook-connect allows Stored XSS.This issue affects Nextend Facebook Connect : from n/a through = 3.1.19...

6.5CVSS0.00191EPSS
Exploits0References1
CVE
CVEadded 2025/09/22 6:23 p.m.9 views

CVE-2025-58031

CVE-2025-58031 corresponds to a Stored Cross-Site Scripting vulnerability in the Nextend Facebook Connect plugin for WordPress. Affected versions are Nextend Facebook Connect up to 3.1.19, with root cause described as Improper Neutralization of Input During Web Page Generation. The connected Word...

6.5CVSS5.9AI score0.00191EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2025/09/22 12:0 a.m.2 views

PT-2025-38880

Name of the Vulnerable Software and Affected Versions Nextendweb Nextend Facebook Connect versions through 3.1.19 Description The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting XSS. This means that maliciou...

6.5CVSS6.1AI score0.00191EPSS
Exploits0References3
CNNVD
CNNVDadded 2025/09/22 12:0 a.m.1 views

WordPress plugin Nextend Facebook Connect 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site scriptin...

6.5CVSS5.8AI score0.00191EPSS
Exploits0References2
Patchstack
Patchstackadded 2024/03/04 12:0 a.m.9 views

WordPress Nextend Facebook Connect Plugin <= 3.1.12 is vulnerable to Cross Site Scripting (XSS)

Software Nextend Facebook Connect Type Plugin Vulnerable versions = 3.1.12 Fixed in 3.1.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1775 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6fbf027206e8 Credits Tobias...

5.4CVSS5.6AI score0.00373EPSS
Exploits0References3Affected Software1
CNVD
CNVDadded 2015/06/26 12:0 a.m.3 views

WordPress Plugin Nextend Facebook Connect 'new_fb_sign_button' Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL.Nextend Facebook Connect is one of the Facebook login and registration plug-ins. A cross-site scripting vulnerability exist...

4.3CVSS5.9AI score0.02719EPSS
Exploits1References1
Prion
Prionadded 2015/06/24 2:59 p.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in the newfbsignbutton function in nextend-facebook-connect.php in Nextend Facebook Connect plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirectto parameter...

4.3CVSS6.1AI score0.02719EPSS
Exploits1References5Affected Software1
CVE
CVEadded 2015/06/24 2:0 p.m.47 views

CVE-2015-4413

The CVE-2015-4413 entry concerns the Nextend Facebook Connect WordPress plugin. A Cross-Site Scripting (XSS) vulnerability exists in the new_fb_sign_button function in nextend-facebook-connect.php that allows injection of arbitrary web script or HTML via the redirect_to parameter. Affected versio...

4.3CVSS6.1AI score0.02719EPSS
Exploits1References5Affected Software1
Cvelist
Cvelistadded 2015/06/24 2:0 p.m.18 views

CVE-2015-4413

Cross-site scripting XSS vulnerability in the newfbsignbutton function in nextend-facebook-connect.php in Nextend Facebook Connect plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirectto parameter...

6.1AI score0.02719EPSS
Exploits1References5
NVD
NVDadded 2014/12/05 3:59 p.m.15 views

CVE-2014-8800

Cross-site scripting XSS vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fbloginbutton parameter in a newfbupdateoptions action...

4.3CVSS5.7AI score0.0377EPSS
Exploits3References4
Prion
Prionadded 2014/12/05 3:59 p.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fbloginbutton parameter in a newfbupdateoptions action...

4.3CVSS6.2AI score0.0377EPSS
Exploits3References4Affected Software1
CVE
CVEadded 2014/12/05 3:0 p.m.46 views

CVE-2014-8800

CVE-2014-8800 is a cross-site scripting (XSS) vulnerability in the Nextend Facebook Connect WordPress plugin prior to 1.5.1. The issue affects nextend-facebook-settings.php via the fb_login_button parameter in a newfb_update_options action, enabling remote injection of arbitrary HTML/script. Publ...

4.3CVSS5.9AI score0.0377EPSS
Exploits3References4Affected Software1
Cvelist
Cvelistadded 2014/12/05 3:0 p.m.20 views

CVE-2014-8800

Cross-site scripting XSS vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fbloginbutton parameter in a newfbupdateoptions action...

5.7AI score0.0377EPSS
Exploits3References4
Rows per page
Query Builder