29 matches found
CVE-2025-1061
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...
CVE-2025-13737
The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. This is due to missing or incorrect nonce validation on the 'unlinkUser' function. This makes it possible for unauthenticated attackers to unlink th...
EUVD-2025-199854
The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. This is due to missing or incorrect nonce validation on the 'unlinkUser' function. This makes it possible for unauthenticated attackers to unlink th...
CVE-2025-13737 Nextend Social Login and Register <= 3.1.21 - Cross-Site Request Forgery to Unlink User Social Login
The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. This is due to missing or incorrect nonce validation on the 'unlinkUser' function. This makes it possible for unauthenticated attackers to unlink th...
CVE-2025-13737
The CVE-2025-13737 entry covers the WordPress plugin Nextend Social Login and Register (WordPress Nextend Facebook Connect) with a Cross-Site Request Forgery (CSRF) vulnerability tracked up to version 3.1.21. The underlying issue is missing or incorrect nonce validation in the unlinkUser function...
CVE-2025-13737 Nextend Social Login and Register <= 3.1.21 - Cross-Site Request Forgery to Unlink User Social Login
The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. This is due to missing or incorrect nonce validation on the 'unlinkUser' function. This makes it possible for unauthenticated attackers to unlink th...
WordPress plugin Nextend Social Login and Register 跨站请求伪造漏洞
WordPress Nextend Social Login and Register plugin is a free WordPress plugin designed to simplify the registration and login process for website users. A cross-site request forgery vulnerability exists in the WordPress Nextend Social Login and Register plugin, which arises from a web application...
PT-2025-48311
The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. This is due to missing or incorrect nonce validation on the 'unlinkUser' function. This makes it possible for unauthenticated attackers to unlink th...
EUVD-2025-1984
Malicious code in bioql PyPI...
EUVD-2024-17500
Malicious code in bioql PyPI...
EUVD-2024-50188
Malicious code in bioql PyPI...
CVE-2024-1775
The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the ‘errordescription’ parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-2470 Service Finder Bookings <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input'
The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nslregistrationstoreextrainput'...
CVE-2025-2470 Service Finder Bookings <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input'
The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nslregistrationstoreextrainput'...
CVE-2025-1061
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...
CVE-2025-1061
CVE-2025-1061 (Nextend Social Login Pro, WordPress) is an authentication bypass vulnerability in versions up to and including 3.1.16 caused by insufficient verification of the user during the Apple OAuth authenticate request. This allows unauthenticated attackers to log in as an existing user (e....
CVE-2025-1061 Nextend Social Login Pro <= 3.1.16 - Authentication Bypass via Apple OAuth provider
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...
CVE-2025-1061 Nextend Social Login Pro <= 3.1.16 - Authentication Bypass via Apple OAuth provider
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for...
CVE-2024-9893
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as a...
CVE-2024-9893
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as a...