WordPress Nextend Social Login Pro plugin <= 3.1.16 - Authentication Bypass via Apple OAuth provider vulnerability

Authentication Bypass via Apple OAuth provider vulnerability discovered by István Márton in WordPress Plugin Nextend Social Login Pro versions = 3.1.16...

PT-2024-18296 · WordPress · Nextend Social Login/Register

Name of the Vulnerable Software and Affected Versions: Nextend Social Login and Register plugin for WordPress versions up to, and including, 3.1.12 Description: The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the error...