CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

33 matches found

Patchstack•added 2025/11/29 12:12 a.m.•5 views

WordPress Nextend Social Login and Register plugin <= 3.1.21 - Cross-Site Request Forgery to Unlink User Social Login vulnerability

Cross-Site Request Forgery to Unlink User Social Login vulnerability discovered by type5afe in WordPress Plugin Nextend Facebook Connect versions = 3.1.21...

4.3CVSS6.7AI score0.00011EPSS

Exploits0References1Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2014-8630

Malware in sbrugna...

4.3CVSS6.3AI score0.02131EPSS

Exploits3References5

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2015-4433

Malware in sbrugna...

4.3CVSS6.2AI score0.0044EPSS

Exploits1References6

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-30598

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00042EPSS

Exploits0References2

RedhatCVE•added 2025/09/24 6:31 p.m.•2 views

CVE-2025-58031

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nextendweb Nextend Facebook Connect nextend-facebook-connect allows Stored XSS.This issue affects Nextend Facebook Connect : from n/a through = 3.1.19...

6.5CVSS5.9AI score0.00042EPSS

Exploits0References1

NVD•added 2025/09/22 7:16 p.m.•3 views

CVE-2025-58031

6.5CVSS0.00042EPSS

Exploits0References1

Patchstack•added 2025/09/22 6:54 p.m.•4 views

WordPress Nextend Facebook Connect Plugin <= 3.1.19 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by theviper17 in WordPress Plugin Nextend Facebook Connect versions = 3.1.19...

6.5CVSS6AI score0.00042EPSS

Exploits0Affected Software1

CVE•added 2025/09/22 6:23 p.m.•8 views

CVE-2025-58031

CVE-2025-58031 corresponds to a Stored Cross-Site Scripting vulnerability in the Nextend Facebook Connect plugin for WordPress. Affected versions are Nextend Facebook Connect up to 3.1.19, with root cause described as Improper Neutralization of Input During Web Page Generation. The connected Word...

6.5CVSS5.9AI score0.00042EPSS

Exploits0References1

Cvelist•added 2025/09/22 6:23 p.m.•8 views

CVE-2025-58031 WordPress Nextend Facebook Connect Plugin <= 3.1.19 - Cross Site Scripting (XSS) Vulnerability

6.5CVSS0.00042EPSS

Exploits0References1

Vulnrichment•added 2025/09/22 6:23 p.m.•1 views

CVE-2025-58031 WordPress Nextend Facebook Connect Plugin <= 3.1.19 - Cross Site Scripting (XSS) Vulnerability

6.5CVSS5.9AI score0.00042EPSS

Exploits0References1

Positive Technologies•added 2025/09/22 12:0 a.m.•2 views

PT-2025-38880

Name of the Vulnerable Software and Affected Versions Nextendweb Nextend Facebook Connect versions through 3.1.19 Description The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting XSS. This means that maliciou...

6.5CVSS6.1AI score0.00042EPSS

Exploits0References3

CNNVD•added 2025/09/22 12:0 a.m.•1 views

WordPress plugin Nextend Facebook Connect 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site scriptin...

6.5CVSS5.8AI score0.00042EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 8:17 a.m.•2 views

CVE-2024-36680

In the module "Facebook" pkfacebook =1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...

7.5CVSS5.9AI score0.00302EPSS

Exploits0References1

VulnCheck KEV•added 2024/06/24 12:0 a.m.•0 views

VulnCheck KEV: CVE-2024-36680

In the module Facebook pkfacebook =1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...

7.5CVSS5.9AI score0.00302EPSS

Exploits0References1

Patchstack•added 2024/03/04 12:0 a.m.•7 views

WordPress Nextend Facebook Connect Plugin <= 3.1.12 is vulnerable to Cross Site Scripting (XSS)

Software Nextend Facebook Connect Type Plugin Vulnerable versions = 3.1.12 Fixed in 3.1.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1775 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6fbf027206e8 Credits Tobias...

5.4CVSS5.6AI score0.00273EPSS

Exploits0References3Affected Software1

Packet Storm•added 2017/04/04 12:0 a.m.•90 views

Inchoo Facebook Connect Cross Site Scripting

https://www.osisecurity.com.au/inchoo-facebook-connect-extension-for-magento-parameter-xss.html Date: 04-Apr-2017 Product: Inchoo Facebook Connect Magento Plugin Vulnerability: Reflected cross-site scripting. Details: Within ./app/code/community/Inchoo/Facebook/Block/Channel.php return 'isSecure ...

7.4AI score

Exploits0

Openbugbounty•added 2016/12/20 2:29 p.m.•10 views

travel.excite.co.uk XSS vulnerability

Vulnerable URL: http://travel.excite.co.uk/facebookConnect.php?locale="alert'OPENBUGBOUNTY';...

6.9AI score

Exploits0

wpexploit•added 2016/03/15 12:0 a.m.•20 views

Nextend Facebook Connect <= 1.5.7 - Cross-Site Request Forgery (CSRF)

The Nextend Social Login and Register WordPress plugin was affected by a Cross-Site Request Forgery CSRF security vulnerability...

2.2AI score

Exploits0References1

Packet Storm•added 2015/12/17 12:0 a.m.•39 views

WordPress Symposium 14.05.02 Cross Site Request Forgery

Plugin Name : WP Symposium A8-Cross-SiteRequestForgeryCSRF Effected Version : 14.05.02 and most probably lower version's if any Vulnerability : A8-Cross-Site Request Forgery CSRF Identified by : Madhu Akula Technical Details Minimum Level of Access Required : Unauthenticated PoC - Proof of Concep...

Exploits0

myhack58•added 2015/11/26 12:0 a.m.•24 views

Chrome third-party extensions to be exposed can record private information and sell it-vulnerability warning-the black bar safety net

The Swedish security firm Detectify Labs currently represents some of the Chrome extension app will track The user's Internet history, and even also includes Facebook Connect and privacy of the access token, is connected to a private Dropbox and Google Drive file link. Affect a wide range is not...

0.2AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by