Lucene search
K

29 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:11 a.m.15 views

CVE-2025-1061

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...

9.8CVSS6.7AI score0.0064EPSS
Exploits0References1
NVD
NVD
added 2025/11/28 4:16 a.m.7 views

CVE-2025-13737

The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. This is due to missing or incorrect nonce validation on the 'unlinkUser' function. This makes it possible for unauthenticated attackers to unlink th...

4.3CVSS0.00129EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/28 3:27 a.m.5 views

EUVD-2025-199854

The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. This is due to missing or incorrect nonce validation on the 'unlinkUser' function. This makes it possible for unauthenticated attackers to unlink th...

4.3CVSS4.8AI score0.00129EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/28 3:27 a.m.3 views

CVE-2025-13737 Nextend Social Login and Register <= 3.1.21 - Cross-Site Request Forgery to Unlink User Social Login

The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. This is due to missing or incorrect nonce validation on the 'unlinkUser' function. This makes it possible for unauthenticated attackers to unlink th...

4.3CVSS4.9AI score0.00129EPSS
Exploits0References3
CVE
CVE
added 2025/11/28 3:27 a.m.13 views

CVE-2025-13737

The CVE-2025-13737 entry covers the WordPress plugin Nextend Social Login and Register (WordPress Nextend Facebook Connect) with a Cross-Site Request Forgery (CSRF) vulnerability tracked up to version 3.1.21. The underlying issue is missing or incorrect nonce validation in the unlinkUser function...

4.3CVSS4.9AI score0.00129EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/28 3:27 a.m.9 views

CVE-2025-13737 Nextend Social Login and Register <= 3.1.21 - Cross-Site Request Forgery to Unlink User Social Login

The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. This is due to missing or incorrect nonce validation on the 'unlinkUser' function. This makes it possible for unauthenticated attackers to unlink th...

4.3CVSS0.00129EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/28 12:0 a.m.4 views

WordPress plugin Nextend Social Login and Register 跨站请求伪造漏洞

WordPress Nextend Social Login and Register plugin is a free WordPress plugin designed to simplify the registration and login process for website users. A cross-site request forgery vulnerability exists in the WordPress Nextend Social Login and Register plugin, which arises from a web application...

4.3CVSS6.7AI score0.00129EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/28 12:0 a.m.6 views

PT-2025-48311

The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. This is due to missing or incorrect nonce validation on the 'unlinkUser' function. This makes it possible for unauthenticated attackers to unlink th...

4.3CVSS5.2AI score0.00129EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-1984

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.0064EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-17500

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00373EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-50188

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00645EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 9:39 a.m.32 views

CVE-2024-1775

The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the ‘errordescription’ parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4CVSS6.2AI score0.00373EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/25 11:12 a.m.9 views

CVE-2025-2470 Service Finder Bookings <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input'

The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nslregistrationstoreextrainput'...

9.8CVSS9.5AI score0.00388EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/25 11:12 a.m.18 views

CVE-2025-2470 Service Finder Bookings <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input'

The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nslregistrationstoreextrainput'...

9.8CVSS0.00388EPSS
Exploits0References2
NVD
NVD
added 2025/02/07 2:15 a.m.25 views

CVE-2025-1061

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...

9.8CVSS0.0064EPSS
Exploits0References3
CVE
CVE
added 2025/02/07 1:41 a.m.127 views

CVE-2025-1061

CVE-2025-1061 (Nextend Social Login Pro, WordPress) is an authentication bypass vulnerability in versions up to and including 3.1.16 caused by insufficient verification of the user during the Apple OAuth authenticate request. This allows unauthenticated attackers to log in as an existing user (e....

9.8CVSS8.9AI score0.0064EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/07 1:41 a.m.10 views

CVE-2025-1061 Nextend Social Login Pro <= 3.1.16 - Authentication Bypass via Apple OAuth provider

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...

9.8CVSS6.8AI score0.0064EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/02/07 1:41 a.m.29 views

CVE-2025-1061 Nextend Social Login Pro <= 3.1.16 - Authentication Bypass via Apple OAuth provider

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...

9.8CVSS0.0064EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 4:35 a.m.9 views

CVE-2024-9893

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as a...

9.8CVSS7.1AI score0.00645EPSS
Exploits0References1
NVD
NVD
added 2024/10/16 2:15 p.m.10 views

CVE-2024-9893

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as a...

9.8CVSS0.00645EPSS
Exploits0References3
Rows per page
Query Builder